Idem and idem-vra plugin allows you to have a declarative representation of Aria (vRealize) Automation configuration as code. Both can be used to update resources like image mappings via CLI command without going through Aria Auto UI. Packages are easily installable via git.
Image mappings.
in Aria Automation are set of predefined operating system requirements for specific cloud account or region. When you create an image mapping from vCenter content library, in the form of OVF or VM template, this typically binds the image mapping name to an id in the content library. This binding is useful and serves as an abstraction for later consumption in cloud templates. Keeping image mappings in sync with the latest OVF or VM templates, to ensure the OSs and services are protected agains security issues, is a tedious task. With the open-source release of idem-vra or idem provider for Aria Automation (formerly known as vRealize Automation), image mappings can be exported in structured manner with all their subsequent properties.
If you want to read more before diving in, you may check:
https://docs.vmware.com/en/VMware-Aria-Automation/SaaS/Using-Automation-Assembler/GUID-9CBAA91A-FAAD-4409-AFFC-ACC1810E4FA5.html
Idem provider for Aria (vRealize) Automation.
is an idem plugin, and “idem is an idempotent dataflow programming language, which exposes statefull programming constructs that makes things like enforcing the state of an application, configuration, SaaS system, or others very simple”.
If you want to read more about idem, you may check:
https://docs.idemproject.io/idem/en/latest/index.html
Instalation of idem-vra.
Idem-vra is a python based idem plugin. The basic steps for installation and best practice for usage is to leverage virtualenv. For step-by-step instructions on how to use virtualenv, skip to the link at the end of the paragraph.
pip install git+https://gitlab.com/vmware/idem/idem-vra/ && cd idem-vra
Idem uses FERNET encryption in order to provide the necessary security, when operating with credentials. You need to enter those manually in a credentials.yaml file using the following format: vra:
default:
vra_url: https://hostname-or-ip-address-of-the-appliance
refresh_token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Please note that the default url is for the Aria Automation Cloud. You can obtain the refresh_token via POST with username and password to /csp/gateway/am/api/login?access_token=true
For more information regarding loging in and the refresh_token see:
https://developer.vmware.com/docs/17860/GUID-AC1E4407-6139-412A-B4AA-1F102942EA94.html
After the credentials are entered in credentials.yaml, you need to encrypt the file executing below command:
idem encrypt credentials.yaml Use generated encryption key to add it within the quotes of ACCT_KEY environment variable. Second variable ACCT_FILE requires pointing to the path of credentials.yaml.ferrnet file. Ones changes are made execute commands below:
export ACCT_KEY="replace with encrypted key we generated above"
export ACCT_FILE="replace with the path to credentials.yaml.fernet"
For complete installation instructions, or if you stumble upon any issues, please follow the steps outlined in: https://docs.idemproject.io/idem-vra/en/latest/topics/idem-vra.html#virtual-environment
To validate that the configuration and the credentials work correctly, execute:
idem exec exec.vra.iaas.about.get_about_page
supportedApis:
|_
----------
apiVersion:
2019-01-15
deprecationPolicy:
----------
deprecatedAt:
2021-07-15
description:
This is a deprecated version of IAAS API, please use the latest one
expiresAt:
None
documentationLink:
/iaas/api/swagger?apiVersion=2019-01-15
|_
----------
apiVersion:
2021-07-15
deprecationPolicy:
None
documentationLink:
/iaas/api/swagger?apiVersion=2021-07-15
latestApiVersion:
2021-07-15
Using idem-vra for image-profile management
For the task at hand, we are going to be using Image profiles, as outlined in the following definition:
See more at:
https://docs.idemproject.io/idem-vra/en/latest/ref/states/iaas/imageprofile.html
The definition of the construct requires us to have the id of the cloud zone which in Aria Automation`s platform is a logical grouping of computing resources in a specific cloud environment. It will be provided for regionId to lookup a specific image via its name in the vSphere content library. We can use two exec functions in the sls file to find those id.
Disclaimer: The following example and example.sls will lookup an Image Mapping by it’s name, defined here as ‘idem-ubuntu’, You can verify if you already have an idem-ubuntu named image mapping in vRealize Autoyation → Cloud Assemblt → Infrastructure→Image Mapping or via Aria Automation interface
Or in latest releases Aria Automation → Assembler → Infrastructure → Configure → Image mappings
Let’s try a simple example.
example.sls file consists of custom parameters about the desired state of an image resource.
# =========================
# User Variables Definitions
# =========================
{% set user_vcenter_vm_template = '*Ubuntu-18.04-64-Server' %}
{% set image_profile = 'idem-ubuntu' %}
{% set image_name = "ubuntu" %}
# =========================
# Image Lookup
# =========================
Fabric Image:
exec.run:
- path: vra.iaas.fabricimages.get_fabric_images
- kwargs:
filter: "(name eq '{{ user_vcenter_vm_template }}')"# =========================
# Zone Lookup
# =========================
# or split on ${exec:Fabric Image:content[0]:_links:region:href
Regions:
exec.run:
- path: vra.iaas.location.get_regions
- kwargs:
# =========================
# Image Profile Definitions
# =========================
{{ image_profile }}:
vra.iaas.imageprofile.present:
- name: {{ image_profile }}
- regionId: ${exec:Regions:content[0]:id}
- imageMapping:
{{ image_profile }}:
name: {{ image_name }}
id: ${exec:Fabric Image:content[0]:id}
- description: "Idem-created image mapping"
Then we need to enforce the desired state executing:
idem state example.sls --esm-plugin=null
Which will produce the folowing result:
–snip
ID: idem-ubuntu
Function: vra.iaas.imageprofile.present
Result: True
Comment: ('Creation of imageprofile idem-ubuntu success.',)
Changes:
old:
----------
new:
----------
externalRegionId:
Datacenter:datacenter-3
imageMappings:
----------
mapping:
----------
idem-ubuntu:
----------
cloudConfig:
None
osFamily:
LINUX
externalRegionId:
description:
externalId:
5ef6ab1e-e9ee-4fb8-b076-40dbf1f7e70d
isPrivate:
False
constraints:
None
cloudAccountIds:
None
customProperties:
None
name:
Cava Templates / Ubuntu-18.04-64-Server
id:
5a2fd759052c617afe0b62332452440fd45edd20
externalRegionId:
cloudAccountId:
8be788c6-12c1-47a1-9e03-6cc8185b039e
name:
idem-ubuntu
description:
Idem-created image mapping
id:
55b7e657-9643-4aaa-a5e7-59f70b9ad7af-13eb11ea-8e32-4eb4-9754-ee9dbeea1adb
run: 2 successful
present: 1 created successfully
You can verify the state with idem describe vra.iaas.imageprofile.*
idem-ubuntu-ee9dbeea1adb:
vra.iaas.imageprofile.present:
- externalRegionId: Datacenter:datacenter-3
- imageMappings:
externalRegionId: ''
mapping:
idem-ubuntu:
cloudAccountIds: null
cloudConfig: null
constraints: []
customProperties: null
description: ''
externalId: 5ef6ab1e-e9ee-4fb8-b076-40dbf1f7e70d
externalRegionId: ''
id: bb100fad09884a9adb2f4bddf1cfa07620a0b4e7
isPrivate: false
name: Cava Templates / Ubuntu-18.04-64-Server
osFamily: LINUX
- cloudAccountId: 8be788c6-12c1-47a1-9e03-6cc8185b039e
- name: idem-ubuntu
- description: Idem-created image mapping
- id: 55b7e657-9643-4aaa-a5e7-59f70b9ad7af-13eb11ea-8e32-4eb4-9754-ee9dbeea1adb
Alternatively we can use Aria Automation`s UI under Infrastructure tab and Image Mappings section.
Please note, the cloudAccountId can be obtained from the UI of the Assembler or via
idem exec exec.vra.iaas.cloudaccount.get_cloud_accounts
Now let’s change our example.sls so that the vcenter_vm_template points to Ubuntu-20.04 image and it looks like this
# =========================
# User Variables Definitions
# =========================
{% set user_vcenter_vm_template = '*Ubuntu-20.04-64-Server' %}
{% set image_profile = 'idem-ubuntu' %}
{% set image_name = "ubuntu" %}
# =========================
# Image Lookup
# =========================
Fabric Image:
exec.run:
- path: vra.iaas.fabricimages.get_fabric_images
- kwargs:
filter: "(name eq '{{ user_vcenter_vm_template }}')"
# =========================
# Zone Lookup
# =========================
# or split on ${exec:Fabric Image:content[0]:_links:region:href
Regions:
exec.run:
- path: vra.iaas.location.get_regions
- kwargs:
# =========================
# Image Profile Definitions
# =========================
{{ image_profile }}:
vra.iaas.imageprofile.present:
- name: {{ image_profile }}
- regionId: ${exec:Regions:content[0]:id}
- imageMapping:
{{ image_profile }}:
name: {{ image_name }}
id: ${exec:Fabric Image:content[0]:id}
- description: "Idem-created image mapping"
Applying idem state example.sls --esm-plugin=null now will result in the following state:
ID: idem-ubuntu
Function: vra.iaas.imageprofile.present
Result: True
Comment: ('Updated imageprofile idem-ubuntu successfully.',)
Changes:
old:
----------
imageMappings:
----------
mapping:
----------
idem-ubuntu:
----------
externalRegionId:
description:
externalId:
5ef6ab1e-e9ee-4fb8-b076-40dbf1f7e70d
name:
Cava Templates / Ubuntu-18.04-64-Server
id:
5a2fd759052c617afe0b62332452440fd45edd20
externalRegionId:
new:
----------
imageMappings:
----------
mapping:
----------
idem-ubuntu:
----------
externalRegionId:
Datacenter:datacenter-3
description:
Cava Templates / Ubuntu-20.04-64-Server
externalId:
5039b8b2-100b-be98-c9ce-5f3a0ec59dc7
name:
Cava Templates / Ubuntu-20.04-64-Server
id:
0162ecffaae860ba98fb0889c9be18571a1f195e
externalRegionId:
Datacenter:datacenter-3
run: 2 successful
present: 1 updated successfully
Now you can programmatically manage Aria Automation image profiles, or other resources available in idem-vra provider, via cli or integrated in another python script or system.
See more about supported resources at:
