Tag Archives: Automation

vRA Deployments with Terraform

This post covers notes made when using Terraform to deploy basic resources from VMware vRealize Automation (vRA). Read through the vRA provider plugin page here and the Terraform documentation here. There are a couple of other examples of Terraform configurations using the vRA provider here and here. If you’re looking for an introduction on why Terraform and vRA then this blog post gives a good overview. If you have worked with the vRA Terraform provider before feel free to add any additional pointers or best practises in the comments section, as this is very much a work in progress.

Terraform Setup

Before starting you will need to download and install Go and Git to the machine you are running Terraform from. Visual Studio Code with the Terraform extension is also a handy tool for editing config files but not a requirement. The steps below were validated with Windows 10 and vRA 7.3.

After installing Go the default GOROOT is set to C:\Go and GOPATH to %UserProfile%\Go. Go is  the programming language we will use to rebuild the vRA provider plugin. GOPATH is going to be the location of the directory containing source files for Go projects.

In this instance I have set GOPATH to D:\Terraform and will keep all files in this location. To change GOPATH manually open Control Panel, System, Advanced system settings, Advanced, Environment Variables. Alternatively GOROOT and GOPATH can be set from CLI:

set GOROOT=C:\Go
set GOPATH=D:\Terraform

Download Terraform for Windows, put the executable in the working directory for Terraform (D:\Terraform or whatever GOPATH was set to).

In AppData\Roaming create a new file terraform.rc (%UserProfile%\AppData\Roaming\terraform.rc) with the following contents, replace D:\Terraform with your own Terraform working directory.

providers {
     vra7 = "D:\\Terraform\\bin\\terraform-provider-vra7.exe"
}

Open command prompt and navigate to the Terraform working directory. Run the following command to download the source repository:

go get github.com/vmware/terraform-provider-vra7et GOROOT=C:\Go

Open the Terraform working directory and confirm the repository source files have been downloaded.

The final step is to rebuild the Terraform provider using Go. Download the latest version of dep. Rename the executable to dep.exe and place in your Terraform working directory under \src\github.com\vmware\terraform-provider-vra7.

Back in command prompt navigate to D:\Terraform\src\github.com\vmware\terraform-provider-vra7 and run:

dep ensure
go build -o D:\Terraform\bin\terraform-provider-vra7.exe

Running dep ensure can take a while, use the -v switch if you need to troubleshoot. The vRA Terraform provider is now ready to use.

Using Terraform

In the Terraform working directory a main.tf file is needed to describe the infrastructure and set variables. There are a number of example Terraform configuration files located in the source repository files under \src\github.com\vmware\terraform-provider-vra7\example.

A very basic example of a configuration file would first contain the vRA variables:

provider "vra7" {
     username = "username"
     password = "password"
     tenant = "vRAtenant"
     host = "https://vRA
}

Followed by the resource details:

resource "vra7_resource" "machine" {
   catalog_name = "BlueprintName"
}

Further syntax can be added to pass additional variables, for a full list see the resource section here. The configuration file I am using for the purposes of this example is as follows:

main_tf

Example config and variable files from source repo:

multi_machine_example

variables_example

Once your Terraform configuration file or files are ready go back to command prompt and navigate to the Terraform working directory. Type terraform and hit enter to see the available options, for a full list of commands see the Terraform CLI documentation here.

Start off with initialising the vRA provider plugin:

terraform init

terraform_init

Validate the Terraform configuration files:

terraform validate

If you’re ready then start the deployment:

terraform apply

terraform_apply_1

Monitor the progress from the CLI or from the task that is created in the Requests tab of the vRA portal.

terraform_apply_2

terraform_apply_3

Check the state of the active deployments using the available switches for:

terraform state

terraform_state

To destroy the resource use:

terraform destroy

terraform_destroy

Provisioning Virtual Machines with PowervRA

This post will walk through using PowervRA to provision virtual machines from vRA catalog items. PowervRA is a powerful tool allowing us to automate and customise vRA configuration and deployments by leveraging the RESTFUL API. We’ll cover requesting catalog items using both the default settings and with additional values or customisation using a JSON file. For more information review the PowervRA documentation here, the full syntax for Request-vRACatalogItem can be found here.

PowervRA can be installed direct from the PowerShell gallery.

Install-Module -Name PowervRA

Alternatively you can download from GitHub here, drop the PowervRA folder into C:\Program Files\WindowsPowerShell\Modules, and then import.

Import-Module PowervRA

Use Connect-vRAServer to establish a connection to the vRA appliance. This will prompt for a username and password.

Connect-vRAServer -Server <vRA Server> -Tenant <Tenant Name>
Connect-vRAServer -Server vralab01.corp.local -Tenant esxsi -IgnoreCertRequirements

You can also add the -Username switch and -Password switch, or -Credential to add a Powershell credential file. If you are using self signed certs add -IgnoreCertRequirements.

Use Get-vRACatalogItems to list all catalog items the user has access to. Add the -Name switch to list details for a specific catalog item. Make a note of the Id, this is required to request the catalog item.

Get-vRACatalogItem
Get-vRACatalogItem -Name <Catalog Item Name>
Get-vRACatalogItem -Name PSTestBlueprint

Use Request-vRACatalogItem to make the request, you can also add -Wait to wait for the request to complete, and -Verbose to show the event log.

Request-vRACatalogItem -Id <Catalog Item Id>
Request-vRACatalogItem -Id 78eddfcc-c9dd-4104-abd6-218b6ff1e9fa -Wait -Verbose 

We can even do something like:

$CatalogItemId = (Get-vRACatalogItem -Name PSTestBlueprint).Id
Request-vRACatalogItem -Id $CatalogItemId

powervra

In this scenario we want to go further and add values for some custom properties to the request. The request can be customised using a JSON file.

Output the catalog item properties to a JSON file for customisation.

Get-vRACatalogItemRequestTemplate -Name <Catalog Item Name> | Out-File path\file.json
Get-vRACatalogItemRequestTemplate -Name PSBlueprintTest | Out-File C:\requestTemplate.json

Set $json as the updated JSON file. You can verify this has worked and the contents of the JSON file using Write-Output.

$json = Get-Content path\file.json -Raw
$json = Get-Content C:\requestTemplate.json -Raw
Write-Output $json

powervra_1

Update and save the JSON file as required, for example adding the value for a custom property, or amending the CPU / memory allocation.

vra_json

We can now request the catalog item using the JSON file.

Request-vRACatalogItem -JSON $json

powervra_2

When the request is submitted either monitor through Powershell, if you used the verbose switch, or follow the status in the vRA portal as normal under the requests tab.

Add a User Defined Windows Administrator to a vRA Blueprint

This post will walk through implementing a process allowing a vRA portal user to specify a user account to be added to the local administrators group on a Windows server provisioned by vRA. There are plenty of posts out there, including a kb article, on adding the virtual machine requester (owner) to the administrators group if that is what you need to do. Before beginning I am assuming you have a fully working vRA installation (I’m using v7.2), and Windows templates with the vRealize Automation Guest Agent installed. Some blueprints would also be handy, but you can create those after.

We’ll need a script on the template Windows machine, in this example I’ve created a Scripts sub-folder within the VRMGuestAgent folder, and a new text file which I’ve saved as AdminUser.cmd. The full path therefore is C:\VRMGuestAgent\Scripts\AdminUser.cmd.

Location

Copy and paste the following line into the batch file: Net localgroup administrators /add %1.

Script

Log in to the vRA portal, for example https://*loadbalancer*/vcac/org/*tenant*. Open the Administration tab and select Property Dictionary. We need to provide the user with a field in the virtual machine request process for them to specify an account to be added as a local administrator. Click Property Definitions and New.

  • Enter a name, it is best practice to use the tenant name, a dot, and then the name of the proeprty definition, for example YourTenant.AdminUser.
  • Enter a useful description, this text will be displayed when the user points to the help symbol next to the field we’re adding in the virtual machine request.
  • Change the Data type to String, and select whether you want the field to be mandatory.
  • From the Display as drop-down menu select Textbox. Click Ok to save.

Admin1

Next click Property Groups. If your blueprints are using an existing property group then click the property group.  If you need to create a new property group click New and enter a name. The following lines need adding to the property group that is used, or will be used, by a blueprint.

  • Name:   VirtualMachine.Software0.Name
  • Value:   AdminUser
    • Replace the value with an appropriate name for the property, I have used the same name as the script but it doesn’t have to match up.
  • Name:   VirtualMachine.Software0.ScriptPath
  • Value:   C:\VRMGuestAgent\Scripts\AdminUser.cmd {YourTenant.AdminUser}
    • Replace the value with the location of the script on the template OS and include the squiggly brackets; with the name of the property definition we created earlier inside.
  • Name:   YourTenant.AdminUser
  • Value:
  • Show in Request:   Yes
    • Enter the name of the property definition we created earlier and leave the value blank (this will be entered by the user). Ensure Show in Request is ticked.

If you are already using VirtualMachine.Software0 for something else, such as adding the virtual machine owner to the local administrators group, then you can amend to VirtualMachine.Software1 and so on. When you’re done the entries should look something like this, click Ok.

Properties

If you haven’t yet assigned a property group to your blueprint then click the Design tab and Blueprints. Click the blueprint to edit, select the vSphere_Machine and click the Properties tab, from the Property Groups tab click Add.

CustomProperty

Select the property group we recently created or changed and click Ok. Click Save and Finish. The values in the property group will now be applied to any virtual machines deployed from this blueprint, repeat as required for any other vSphere_Machines or blueprints.

Assuming your blueprint is published and has the necessary entitlements; click the Catalog tab. Locate the catalog item linked to the blueprint and click Request. Select the vSphere_Machine component and you’ll see the new field for the requester to enter the domain\user or user@domain account to be added to the Windows local Administrator group. If you opted to make data input mandatory you’ll see an asterisk next to the new field.

Request

Defining vRealize Automation Datacenter Locations

This post will walk through defining datacenter locations for VMware vRealize Automation 7.2. The primary two use cases for additional datacenter locations are to allow users to select a datacenter for service deployments, or for the administrator to specify a set datacenter when configuring a blueprint. We will cover both scenarios below.

Adding Datacenter Locations

Datacenter locations are defined in an xml file on the IaaS server(s). If you have multiple IaaS servers then we must perform the change on each server individually, and disable it from the load balancing configuration before commencing. If you are only using a single IaaS server, such as in a lab environment, then obviously this is not necessary. For vRA installations using NSX as a load balancer you can follow the brief steps below, otherwise refer to the documentation for your load balancing solution.

  • Log into the vSphere web client as a user with NSX administrative privileges, select Networking & Security.
  • Click NSX Edges and then double click the NSX Edge containing the load balancing configuration.
  • From the Manage tab select Load Balancer and Pools. Select the pool configured for the IaaS web servers and click Edit.
  • Select one of the nodes in the Members table and click the edit symbol. Untick Enable Member and click Ok.
  • The server is now disabled from the load balancing configuration and you can go ahead and make the change outlined below. Once complete enable the member and disable the next node, repeating the process for each member of the pool.

When the IaaS server node has been disabled in the IaaS Web load balancing pool (if applicable) navigate to C:\Program Files(x86)\VMware\vCAC\Server\Website\XmlData, or replace with the installation directory as appropriate. Edit the DataCenterLocations.xml file, entering your datacenter names in the CustomDataType body, in place of London and Boston.

dcl

Save and close the file, then restart the VMware vCloud Automation Center Service.

service

If you removed the IaaS from the load balancer remember to add it back in, you’ll then need to repeat the process for each instance. Once the change has been made on each IaaS node we can assign the locations to compute resources.

Log into the vRA tenant portal as a fabric administrator, you may need to clear your browser history to show the updated datacenters in the xml file we changed earlier. Open the Infrastructure tab and browse to Compute Resources, Compute Resources. Move the mouse pointer over the compute resource and click Edit, from the drop-down Location menu select the site to associate with the compute resource, click Ok. Repeat this for each compute resource requiring an assigned datacenter location.

compute

Selecting Datacenter Locations

Now that we have available locations assigned to our compute resource we can specify this using a blueprint. Log into the vRA tenant portal as a tenant administrator, from the Design tab select Blueprints. Select the blueprint to edit and click Edit. The main 2 options we are concerned with for datacenter locations are:

  • Allow the user to select the datacenter location.
    • From the General tab select the Display location on request tickbox. Click Save and Finish. Assuming the blueprint is published with appropriate catalog entitlements then when the user requests the catalog item they can select from the drop-down Location menu in the vSphere machine General tab.

usersite

  • Set the datacenter location in the blueprint, and do not allow the user to change the location. This option is useful for when the administrator wants to set where certain blueprints are deployed.
    • Check the setting mentioned above is unticked. Navigate to the Properties tab and select Custom Properties. Click New to add a new property. In the Name field enter Vrm.DataCenter.Location, in the Value field enter the site name, matching one of the site names we added previously, click Ok. Click Save and Finish. When the user requests the catalog item it will be deployed at the datacenter defined by the blueprint custom property.

adminsite