Provisioning Virtual Machines with PowervRA

This post will walk through using PowervRA to provision virtual machines from vRA catalog items. PowervRA is a powerful tool allowing us to automate and customise vRA configuration and deployments by leveraging the RESTFUL API. We’ll cover requesting catalog items using both the default settings and with additional values or customisation using a JSON file. For more information review the PowervRA documentation here, the full syntax for Request-vRACatalogItem can be found here.

PowervRA can be installed direct from the PowerShell gallery.

Install-Module -Name PowervRA

Alternatively you can download from GitHub here, drop the PowervRA folder into C:\Program Files\WindowsPowerShell\Modules, and then import.

Import-Module PowervRA

Use Connect-vRAServer to establish a connection to the vRA appliance. This will prompt for a username and password.

Connect-vRAServer -Server <vRA Server> -Tenant <Tenant Name>
Connect-vRAServer -Server vralab01.corp.local -Tenant esxsi -IgnoreCertRequirements

You can also add the -Username switch and -Password switch, or -Credential to add a Powershell credential file. If you are using self signed certs add -IgnoreCertRequirements.

Use Get-vRACatalogItems to list all catalog items the user has access to. Add the -Name switch to list details for a specific catalog item. Make a note of the Id, this is required to request the catalog item.

Get-vRACatalogItem
Get-vRACatalogItem -Name <Catalog Item Name>
Get-vRACatalogItem -Name PSTestBlueprint

Use Request-vRACatalogItem to make the request, you can also add -Wait to wait for the request to complete, and -Verbose to show the event log.

Request-vRACatalogItem -Id <Catalog Item Id>
Request-vRACatalogItem -Id 78eddfcc-c9dd-4104-abd6-218b6ff1e9fa -Wait -Verbose 

We can even do something like:

$CatalogItemId = (Get-vRACatalogItem -Name PSTestBlueprint).Id
Request-vRACatalogItem -Id $CatalogItemId

powervra

In this scenario we want to go further and add values for some custom properties to the request. The request can be customised using a JSON file.

Output the catalog item properties to a JSON file for customisation.

Get-vRACatalogItemRequestTemplate -Name <Catalog Item Name> | Out-File path\file.json
Get-vRACatalogItemRequestTemplate -Name PSBlueprintTest | Out-File C:\requestTemplate.json

Set $json as the updated JSON file. You can verify this has worked and the contents of the JSON file using Write-Output.

$json = Get-Content path\file.json -Raw
$json = Get-Content C:\requestTemplate.json -Raw
Write-Output $json

powervra_1

Update and save the JSON file as required, for example adding the value for a custom property, or amending the CPU / memory allocation.

vra_json

We can now request the catalog item using the JSON file.

Request-vRACatalogItem -JSON $json

powervra_2

When the request is submitted either monitor through Powershell, if you used the verbose switch, or follow the status in the vRA portal as normal under the requests tab.

Add a User Defined Windows Administrator to a vRA Blueprint

This post will walk through implementing a process allowing a vRA portal user to specify a user account to be added to the local administrators group on a Windows server provisioned by vRA. There are plenty of posts out there, including a kb article, on adding the virtual machine requester (owner) to the administrators group if that is what you need to do. Before beginning I am assuming you have a fully working vRA installation (I’m using v7.2), and Windows templates with the vRealize Automation Guest Agent installed. Some blueprints would also be handy, but you can create those after.

We’ll need a script on the template Windows machine, in this example I’ve created a Scripts sub-folder within the VRMGuestAgent folder, and a new text file which I’ve saved as AdminUser.cmd. The full path therefore is C:\VRMGuestAgent\Scripts\AdminUser.cmd.

Location

Copy and paste the following line into the batch file: Net localgroup administrators /add %1.

Script

Log in to the vRA portal, for example https://*loadbalancer*/vcac/org/*tenant*. Open the Administration tab and select Property Dictionary. We need to provide the user with a field in the virtual machine request process for them to specify an account to be added as a local administrator. Click Property Definitions and New.

  • Enter a name, it is best practice to use the tenant name, a dot, and then the name of the proeprty definition, for example YourTenant.AdminUser.
  • Enter a useful description, this text will be displayed when the user points to the help symbol next to the field we’re adding in the virtual machine request.
  • Change the Data type to String, and select whether you want the field to be mandatory.
  • From the Display as drop-down menu select Textbox. Click Ok to save.

Admin1

Next click Property Groups. If your blueprints are using an existing property group then click the property group.  If you need to create a new property group click New and enter a name. The following lines need adding to the property group that is used, or will be used, by a blueprint.

  • Name:   VirtualMachine.Software0.Name
  • Value:   AdminUser
    • Replace the value with an appropriate name for the property, I have used the same name as the script but it doesn’t have to match up.
  • Name:   VirtualMachine.Software0.ScriptPath
  • Value:   C:\VRMGuestAgent\Scripts\AdminUser.cmd {YourTenant.AdminUser}
    • Replace the value with the location of the script on the template OS and include the squiggly brackets; with the name of the property definition we created earlier inside.
  • Name:   YourTenant.AdminUser
  • Value:
  • Show in Request:   Yes
    • Enter the name of the property definition we created earlier and leave the value blank (this will be entered by the user). Ensure Show in Request is ticked.

If you are already using VirtualMachine.Software0 for something else, such as adding the virtual machine owner to the local administrators group, then you can amend to VirtualMachine.Software1 and so on. When you’re done the entries should look something like this, click Ok.

Properties

If you haven’t yet assigned a property group to your blueprint then click the Design tab and Blueprints. Click the blueprint to edit, select the vSphere_Machine and click the Properties tab, from the Property Groups tab click Add.

CustomProperty

Select the property group we recently created or changed and click Ok. Click Save and Finish. The values in the property group will now be applied to any virtual machines deployed from this blueprint, repeat as required for any other vSphere_Machines or blueprints.

Assuming your blueprint is published and has the necessary entitlements; click the Catalog tab. Locate the catalog item linked to the blueprint and click Request. Select the vSphere_Machine component and you’ll see the new field for the requester to enter the domain\user or user@domain account to be added to the Windows local Administrator group. If you opted to make data input mandatory you’ll see an asterisk next to the new field.

Request

Defining vRealize Automation Datacenter Locations

This post will walk through defining datacenter locations for VMware vRealize Automation 7.2. The primary two use cases for additional datacenter locations are to allow users to select a datacenter for service deployments, or for the administrator to specify a set datacenter when configuring a blueprint. We will cover both scenarios below.

Adding Datacenter Locations

Datacenter locations are defined in an xml file on the IaaS server(s). If you have multiple IaaS servers then we must perform the change on each server individually, and disable it from the load balancing configuration before commencing. If you are only using a single IaaS server, such as in a lab environment, then obviously this is not necessary. For vRA installations using NSX as a load balancer you can follow the brief steps below, otherwise refer to the documentation for your load balancing solution.

  • Log into the vSphere web client as a user with NSX administrative privileges, select Networking & Security.
  • Click NSX Edges and then double click the NSX Edge containing the load balancing configuration.
  • From the Manage tab select Load Balancer and Pools. Select the pool configured for the IaaS web servers and click Edit.
  • Select one of the nodes in the Members table and click the edit symbol. Untick Enable Member and click Ok.
  • The server is now disabled from the load balancing configuration and you can go ahead and make the change outlined below. Once complete enable the member and disable the next node, repeating the process for each member of the pool.

When the IaaS server node has been disabled in the IaaS Web load balancing pool (if applicable) navigate to C:\Program Files(x86)\VMware\vCAC\Server\Website\XmlData, or replace with the installation directory as appropriate. Edit the DataCenterLocations.xml file, entering your datacenter names in the CustomDataType body, in place of London and Boston.

dcl

Save and close the file, then restart the VMware vCloud Automation Center Service.

service

If you removed the IaaS from the load balancer remember to add it back in, you’ll then need to repeat the process for each instance. Once the change has been made on each IaaS node we can assign the locations to compute resources.

Log into the vRA tenant portal as a fabric administrator, you may need to clear your browser history to show the updated datacenters in the xml file we changed earlier. Open the Infrastructure tab and browse to Compute Resources, Compute Resources. Move the mouse pointer over the compute resource and click Edit, from the drop-down Location menu select the site to associate with the compute resource, click Ok. Repeat this for each compute resource requiring an assigned datacenter location.

compute

Selecting Datacenter Locations

Now that we have available locations assigned to our compute resource we can specify this using a blueprint. Log into the vRA tenant portal as a tenant administrator, from the Design tab select Blueprints. Select the blueprint to edit and click Edit. The main 2 options we are concerned with for datacenter locations are:

  • Allow the user to select the datacenter location.
    • From the General tab select the Display location on request tickbox. Click Save and Finish. Assuming the blueprint is published with appropriate catalog entitlements then when the user requests the catalog item they can select from the drop-down Location menu in the vSphere machine General tab.

usersite

  • Set the datacenter location in the blueprint, and do not allow the user to change the location. This option is useful for when the administrator wants to set where certain blueprints are deployed.
    • Check the setting mentioned above is unticked. Navigate to the Properties tab and select Custom Properties. Click New to add a new property. In the Name field enter Vrm.DataCenter.Location, in the Value field enter the site name, matching one of the site names we added previously, click Ok. Click Save and Finish. When the user requests the catalog item it will be deployed at the datacenter defined by the blueprint custom property.

adminsite