Getting Started
SovLabs Extensibility Modules 2016.4.2.x for vRA 7.x
Overview
SovLabs Automation and Extensibility Modules allow your IT department to build a fully-functioning Cloud Management Platform (CMP) without writing a single workflow.
Integrate with your existing tools for DNS and IPAM, among others. Our modules manage things like adding and removing DNS records, Active Directory, IPAM reservations, and much more. Manage server lifecycles from provisioning to disposal and provide value to your business in days instead of months.
Benefits
Quick start
Don't spend weeks learning how to build vRO workflows and vRA content. You can be up and running next week. Let us be your content experts.
Simple installation
Our software is delivered as a plugin which is imported into vRealize Orchestration. A configuration workflow creates the core vRA resources.
Protect your investment
We test against new versions of vRA/vRO as they are released and we release a new SovLabs vRA Module Plugin to you. Take the worry out of maintaining your CMP investment and upgrade vRA/vRO without fear of breaking your IT Processes.
The SovLabs plugin provides a flexible template language that allows for utilization and transformation of vRA Custom Properties, which can drastically reduce complexity in large environments.
Assumptions
Consumer has the following VMware products and has basic knowledge on how to access and use:
Terminology
Term | Definition |
---|---|
vRA | Short for VMware’s vRealize Automation. Formerly known as vCenter Automation Center (vCAC) |
vRO | Short for VMware’s vRealize Orchestrator. Formerly known as vCenter Orchestrator (vCO) |
vRA Lifecycles
SovLabs Automation and Extensibility Modules utilize the following vRA lifecycles:
vRA Lifecycle | Details |
---|---|
Machine Building | vRA is assigning a reservation and network IP |
Machine Provisioned | vRA provisioned machine, e.g. cloned virtual machine |
Machine Disposing | vRA is destroying virtual machine |
Machine Disposing_POST | vRA destroyed the virtual machine |
1. Setup vRA
Perform the following prior to the SovLabs plugin installation and configuration
Install and configure VMware's vRealize Automation (vRA) 7.x+
1.1 Additional vRA configurations
- Create a vRA service account in Active Directory for the SovLabs plugin to utilize
- Configure vRA Tenant(s) (supports vsphere.local)
- Configure a vRA Business Group
- Configure and test vRA Compute Resources, Reservations, etc
- Create, configure and test vRA Blueprint(s) for each OS desired (with necessary network profiles, reservations, etc.)
1.2 Configure vRA service account permissions
- Login to the root vRA tenant: https://vRA-FQDN/vcac
- Click on Administration tab > Users & Groups > Custom Groups
- If a group does not exist, add a group:
  - Input the group name and description
  - Select all roles listed in the Add Roles to this Group box
    The two roles required: Tenant Administrator & XaaS Architect
  - Click Next
  - Type in the vRA service account or vRA service account group
  - Click Add
- If a group exists, edit the group:
  - Verify that the two roles are selected:
    - Service Architect
    - XaaS Architect
  - Click Next
  - Type in the vRA service account or vRA service account group
  - Click Update
1.3 Configure vRO endpoint in vRA
Perform the following for each vRA tenant utilized
- Login to the vRA tenant
- Click on the Administration tab > vRO Configuration > Server Configuration:
  - Toggle the Use an external Orchestrator server radio button and fill out the form appropriately
- Click on the Infrastructure tab > Endpoints > Endpoints:
  - Click on +New > Orchestration > vRealize Orchestrator
  - Fill out the form accordingly
  - Click on +New Custom Property to add the property:
    - Name: VMware.VCenterOrchestrator.Priority
    - Value: (number, 1 being highest priority)
  - Click OK
1.3.1 Add vRO endpoint in vRA for Advanced Services
1.3.2 Add vRO endpoint in vRA for Infrastructure
1.4 Configure Extensibility lifecycle message timeout
Perform the following for each vRA tenant utilized
- Login to the vRA tenant
- Click on the Infrastructure tab > Administration > Global settings:
  - Select (click on) the Extensibility lifecycle message timeout row
  - Click on the Edit button
  - Input a value that will be greater than the longest event workflow subscription timeout (e.g. 3+)
2. Setup vRO
Perform the following prior to the SovLabs plugin installation and configuration
Install and configure VMware's vRealize Orchestrator (vRO) 7.x+
2.1 Active Directory configuration
- Create or identify a vRO Admins group in Active Directory where the vRO server(s) belong
- Create or identify a vRO Service Account in Active Directory for the SovLabs plugin to utilize
2.2 Configure vRO execution permissions
The following is necessary in order for vRO to execute external applications and perform actions such as ping
Perform the following steps for each vRO server that will be utilized
- SSH as user root to the vRO server (e.g. SSH via PuTTY)
- Modify the vmo.properties file:
  vi /etc/vco/app-server/vmo.properties
  - Press the i key on the keyboard
  - Copy & paste the following line to the end of the file:
    com.vmware.js.allow-local-process=true
  - Press the esc key on the keyboard
  - Type in :wq! and press the Enter key
- Modify the js-io-rights.conf file:
  vi /etc/vco/app-server/js-io-rights.conf
  - Press the i key on the keyboard
  - Copy & paste the following line to the end of the file:
    +rwx /tmp
  - Press the esc key on the keyboard
  - Type in :wq! and press the Enter key
- Ensure that the file has the appropriate permissions:
  cd /etc/vco/app-server
  chown vco:vco js-io-rights.conf
  chmod 640 js-io-rights.conf
- Restart the vRO server(s)
  - Type in service vco-server restart
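One way to verify the result of the steps above on a vRO server, as an added example (not part of the SovLabs documentation or plugin): it checks that the property is set, that the `+rwx /tmp` rule is present, and that `js-io-rights.conf` is no broader than mode 640 and owned by vco:vco. The rule syntax (sign, rights letters, path) is inferred from the line shown above, the function names are hypothetical, and the sample file contents are constructed.

```python
import re
import stat
from pathlib import Path

PROP = "com.vmware.js.allow-local-process"
APP_DIR = Path("/etc/vco/app-server")            # directory used in the steps above
RULE = re.compile(r"^([+-])([rwx]+)\s+(\S+)$")   # assumed rule syntax, e.g. "+rwx /tmp"

# Constructed sample contents, used so the example runs without a vRO server.
SAMPLE_PROPS = "# constructed sample\ncom.vmware.js.allow-local-process=true\n"
SAMPLE_RIGHTS = "# constructed sample\n-rwx /\n+rwx /var/run/vco/\n+rwx /tmp\n"


def local_process_enabled(props_text):
    """True when the last assignment of PROP in vmo.properties is 'true'."""
    value = None
    for raw in props_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":          # .properties comment markers
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == PROP:
            value = val.strip().lower()          # a later line overrides an earlier one
    return value == "true"


def parse_io_rights(rights_text):
    """Return (sign, rights, path) tuples; comment and blank lines do not match."""
    rules = []
    for raw in rights_text.splitlines():
        m = RULE.match(raw.strip())
        if m:
            rules.append((m.group(1), m.group(2), m.group(3).rstrip("/") or "/"))
    return rules


def exec_grants(rules):
    """Paths where execute is granted, listed so an operator can review them."""
    return [path for sign, rights, path in rules if sign == "+" and "x" in rights]


def audit(props_text, rights_text, mode, owner):
    """Return a list of findings; an empty list means the files match section 2.2."""
    findings = []
    if not local_process_enabled(props_text):
        findings.append(f"{PROP}=true is not set in vmo.properties")
    rules = parse_io_rights(rights_text)
    if not any(s == "+" and set(r) == set("rwx") and p == "/tmp" for s, r, p in rules):
        findings.append("js-io-rights.conf has no '+rwx /tmp' rule")
    perms = stat.S_IMODE(mode)
    if perms & ~0o640:                           # any bit beyond rw-r-----
        findings.append(f"js-io-rights.conf mode {perms:o} is broader than 640")
    if owner != "vco:vco":
        findings.append(f"js-io-rights.conf is owned by {owner}, expected vco:vco")
    return findings


def audit_host(app_dir=APP_DIR):
    """Run the audit against the real files; only meaningful on the vRO server."""
    import grp
    import pwd
    rights = app_dir / "js-io-rights.conf"
    st = rights.stat()
    owner = f"{pwd.getpwuid(st.st_uid).pw_name}:{grp.getgrgid(st.st_gid).gr_name}"
    props = (app_dir / "vmo.properties").read_text()
    return audit(props, rights.read_text(), st.st_mode, owner)


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROPS, SAMPLE_RIGHTS, 0o100640, "vco:vco") or ["OK"]:
        print(finding)
```

On a vRO server, call `audit_host()` as root after the restart; it returns the same kind of findings list for the live files.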
2.2.1 EMC's FEHC 3.x and 4.x
EMC's Federation Enterprise Hybrid Cloud
Perform the following steps for each vRO server that will be utilized
- SSH as user root to the vRO server (e.g. SSH via PuTTY)
- Modify the setenv.sh file:
  vi /usr/lib/vco/app-server/bin/setenv.sh
  - Press the i key on the keyboard
  - Copy & paste the following to the end of the JVM_OPTS variable:
    -Djsse.enableSNIExtension=false
  - Press the esc key on the keyboard
  - Type in :wq! and press the Enter key
- Restart the vRO server(s)
  - Type in service vco-server restart
2.3 Configure Kerberos
Perform the following steps for each vRO server that will be utilized
- SSH as user root to the vRO server
- Create the file krb5.conf:
  vi /usr/java/jre-vmware/lib/security/krb5.conf
- Press the i key
- Copy & paste the following content into the file
  Replace example.com with the company domain. Where EXAMPLE.COM appears in all uppercase, enter the domain in all uppercase; where example.com appears in all lowercase, enter the domain in lowercase.
- Press the esc key
- Type :wq!
- Press the enter key

    [libdefaults]
      default_realm = EXAMPLE.COM
      udp_preference_limit = 1
    [realms]
      EXAMPLE.COM = {
        kdc = example.com
        default_domain = example.com
      }
    [domain_realm]
      .example.com=EXAMPLE.COM
      example.com=EXAMPLE.COM
    [logging]
      kdc = FILE:/var/log/krb5/krb5kdc.log
      admin_server = FILE:/var/log/krb5/kadmind.log
      default = SYSLOG:NOTICE:DAEMON

Example:

    [libdefaults]
      default_realm = SOVLABS.NET
      udp_preference_limit = 1
    [realms]
      SOVLABS.NET = {
        kdc = sovlabs.net
        default_domain = sovlabs.net
      }
    [domain_realm]
      .sovlabs.net=SOVLABS.NET
      sovlabs.net=SOVLABS.NET
    [logging]
      kdc = FILE:/var/log/krb5/krb5kdc.log
      admin_server = FILE:/var/log/krb5/kadmind.log
      default = SYSLOG:NOTICE:DAEMON

Multiple domain scenario
Any child domains must be defined before the parent domains in the [domain_realm] section

    [libdefaults]
      default_realm = EXAMPLE1.COM
      udp_preference_limit = 1
    [realms]
      EXAMPLE1.COM = {
        kdc = example1.com
        default_domain = example1.com
      }
      EXAMPLE2.COM = {
        kdc = example2.com
        default_domain = example2.com
      }
    [domain_realm]
      .example1.com=EXAMPLE1.COM
      example1.com=EXAMPLE1.COM
      .example2.com=EXAMPLE2.COM
      example2.com=EXAMPLE2.COM
    [logging]
      kdc = FILE:/var/log/krb5/krb5kdc.log
      admin_server = FILE:/var/log/krb5/kadmind.log
      default = SYSLOG:NOTICE:DAEMON

Example:

    [libdefaults]
      default_realm = SOVLABS.NET
      udp_preference_limit = 1
    [realms]
      SOVLABS.NET = {
        kdc = sovlabs.net
        default_domain = sovlabs.net
      }
      SOVLABS.2K8AD.NET = {
        kdc = sovlabs.2k8ad.net
        default_domain = sovlabs.2k8ad.net
      }
    [domain_realm]
      .sovlabs.2k8ad.net=SOVLABS.2K8AD.NET
      sovlabs.2k8ad.net=SOVLABS.2K8AD.NET
      .sovlabs.net=SOVLABS.NET
      sovlabs.net=SOVLABS.NET
    [logging]
      kdc = FILE:/var/log/krb5/krb5kdc.log
      admin_server = FILE:/var/log/krb5/kadmind.log
      default = SYSLOG:NOTICE:DAEMON

sovlabs.2k8ad.net is the child domain
- Ensure that the file has the appropriate permissions:
  chmod 644 /usr/java/jre-vmware/lib/security/krb5.conf
- Restart vRO service:
  service vco-server restart
2.4 Download vRO's vRA plugin
Skip this step for vRA 7.2 or greater
Download vRO's vRA plugin via: VMware's vRO Plug-In for vRA
Must have a VMware account to download. Two plugins are included in the plugin download.
For instance, downloading o11nplugin-vcac-6.2.3-3004239.vmoapp will provide: 1) vCAC Infrastructure Administration plugin and 2) vCloud Automation Center plugin
2.5 Install vRO's vRA plugins
Perform the following for each vRO server
1. Login to the vRO configuration page: https://vro-fqdn:8283/vco-controlcenter/#/ with user root
2. Click on the Manage Plug-Ins icon
3. Locate the Install plug-in section
4. Drag the plugin .dar or .vmoapp file into the browse bar
5. Click on Install
6. Repeat Steps 4 and 5 for the second plugin
7. Restart the vRO server
   - On the Home page, click on the Startup Options icon
   - Click on Restart
   - Wait for vRO to restart successfully
8. Log back in to the vRO configuration page
9. Click on the Manage Plug-Ins icon
10. Verify that the installed plugin is listed among the vRO plugins
2.6 Configure vRA endpoints in vRO
2.6.1 Add vRA host for tenant
Perform the following once in vRO for each vRA tenant
- Open the vRO client
- Login to the vRO server
- Click on the Design mode, located near the top-left corner of the client
- Click on the Workflows tab
- Run vRO workflow:
/Library/vCloud Automation Center/Configuration/Add a vCAC host
- Fill out the form fields properly:

Field | Value |
---|---|
Hostname | vRA server. If utilizing vsphere.local tenant, begin the hostname with "sovlabs_" (e.g. sovlabs_vra01.example.com). The SovLabs plugin can differentiate between the vRA Shared Session endpoint for SovLabs and the Default Per User one already in vsphere.local. |
Host URL | vRA URL |
Automatically install SSL certificates? | Yes |
Connection Timeout | Keep default |
Operation Timeout | Keep default |
Session mode | Shared Session |
Tenant | Primary vRA tenant for vRO to interact with |
Username | vRA Service Account username |
Password | vRA Service Account password |

- Click Submit
2.6.2 Add an IaaS host
Perform the following once in vRO for each vRA tenant
- Open the vRO client
- Login to the vRO server
- Click on the Design mode, located near the top-left corner of the client
- Click on the Workflows tab
- Run vRO workflow:
/Library/vCloud Automation Center/Infrastructure Administration/Configuration/Add an IaaS host
- Fill out the form fields properly:

Field | Value |
---|---|
Name | IaaS Host FQDN |
Host URL | IaaS Host FQDN |
Automatically install SSL certificates | Yes |
Connection timeout (seconds) | Keep default |
Operation timeout (seconds) | Keep default |
Session mode | Shared Session. If utilizing a vRO built in to the vRA appliance, use SSO |
Authentication username | Username without domain name |
Password | User's password |
Workstation for NTLM authentication | Leave as blank |
Domain for NTLM authentication | Domain |

- Click Submit
3. Environment setup
3.1 Setup WinRM
WinRM must be enabled for SovLabs modules utilizing any Windows (R2) servers in the environment (for AD, DNS, IPAM, Puppet, etc.)
3.1.1 Activate WinRM on a Windows server
Activating WinRM on a Windows server allows the SovLabs modules to function properly on proxy and/or target Windows servers
SovLabs modules: AD, DNS, IPAM
- Download the Activate WinRM PowerShell script
  Disclaimer: Please review the activate-winrm.ps1 PowerShell script and modify according to your best security practices. Rules in Windows Firewall are configured to allow for connectivity to/from vRA and vRO servers
- Login to the Windows server
- Upload the .ps1 file to desired directory
- Open PowerShell Run as Administrator
- Run the script by entering the full path to the script:
  C:\[folderpath]\activate-winrm.ps1
  WinRM should activate successfully
3.1.2 Enable activate WinRM on a vRA blueprint
Enabling activate WinRM on a vRA blueprint allows the SovLabs modules to function properly on provisioned VMs
SovLabs modules: Puppet Enterprise, Puppet Open Source with Foreman
- Download the Activate WinRM PowerShell script
  Disclaimer: Please review the activate-winrm.ps1 PowerShell script and modify according to your best security practices. Rules in Windows Firewall are configured to allow for connectivity to/from vRA and vRO servers
- Upload the activate-winrm.ps1 script onto a desired share server
- Login to vCenter
- Navigate to Home > Customization Specification Manager
- Edit desired Customization Specification(s)
- Click on Run Once tab and add the following commands:
  - cmd /c powershell -executionpolicy Bypass -noninteractive -file //{ share path }/activate-winrm.ps1
    Replace { share path } with the path to the share that contains the activate-winrm.ps1 script
  - cmd /c shutdown /l /f
    If other commands exist, please make sure this command is at the very end. The command logs the Administrator off
- Click OK to save the modifications on the Customization Specification(s)
- Login to vRA tenant
- Navigate to blueprints: Design tab > Blueprints
- Edit desired blueprint(s)
- Click on the blueprint vSphere machine on the Design Canvas
- Click on Build Information tab on the blueprint
- Type in or verify the Customization Specification name in the Customization spec field
- Save blueprint by clicking on Finish
3.2 Configure Windows Member Server
Configure Windows Member Server with Remote Management and SSH server. If direct connection to your Windows Domain Controllers (DCs) is either restricted or otherwise not desired, a Windows Member Server configured for remote management can be used by the SovLabs plugin to manage AD and DNS entries.
The modules for DNS and AD require powershell cmdlets, so the Windows Member Server must be Windows 2012 or above.
The SovLabs Plugins for Microsoft AD and DNS use SSH as the connection method to the Windows Member Server. Therefore, the Member Server must have either CygwinSSH server or Bitvise SSH server installed and configured.
Perform the following steps for each Windows Member server that will be utilized
- Login to the Windows server
- If this server will remotely manage Active Directory, install these Roles on your Member Server:
- Under Role Administration Tools
- Active Directory module for Windows Powershell
- AD DS Tools
- Active Directory Administrative Center
- AD DS Snap-Ins and Command-Line Tools
- AD LDS Snap-ins and Command-Line Tools
- If this server is a domain controller, install AD Webservices
- If this server will remotely manage MS DNS, install DNS Server Tools:
- Access the Server Manager
- Click on Manage option on the top right menu > Add Roles and Features
- On the Add Roles and Features Wizard:
- Before You Begin: Click Next
- Installation Type: Accept defaults and click Next
- Server Selection: Accept defaults and click Next
- Server Roles: Accept defaults and click Next
- Features:
- Expand Remote Server Administration Tools
- Select DNS Server Tools
- Click Next
- Confirmation: Click Install
- Results: Verify valid results
- Install and configure SSH server appropriately for:
  - WinSSHD: https://www.bitvise.com/ssh-server
  - Cygwin SSH: https://cygwin.com/install.html
- If non-administrative rights are desired:
  - Create a share
  - Assign Modify (read/write) permissions to a user account
Bitvise SSH Server is a third-party product which requires a valid license. See www.bitvise.com for details.
3.3 Firewall Rules
Source | Target | Protocol | Port(s) | Bi-directional | SovLabs Module(s) |
---|---|---|---|---|---|
vRO Server | Windows 2012 Member Servers | TCP | 22 | | Microsoft AD, Microsoft DNS |
vRO Server | Windows 2012 Member Servers | UDP | | | |
vRO Server | SovLabs Microsoft Endpoints for AD | TCP | 5985, 5986 | | Microsoft AD |
vRO Server | SovLabs Microsoft Endpoints for DNS | UDP | | | Microsoft DNS |
Windows 2012 Member Servers | SovLabs Microsoft Endpoints for AD | TCP | 53, 88, 135, 389, 464, 3268, 3269, 9389 | | Microsoft AD |
Windows 2012 Member Servers | SovLabs Microsoft Endpoints for DNS | TCP | 53, 135, 389, 464 | | Microsoft DNS |
vRO Server | Server Subnets | TCP | 22, 5985, 5986 | | All |
vRO Server | Server Subnets | UDP | | | |
vRO Server | Puppet Masters | TCP | 22, 443, 8140 | | Puppet Enterprise |
vRO Server | Puppet Masters | UDP | | | |
vRO Server | Red Hat Satellite servers | TCP | 22, 80, 443 | | Red Hat Satellite |
vRO Server | Red Hat Satellite servers | UDP | | | |
4. Configure SovLabs Plugin
4.1 Download & install SovLabs Plugin
Download the SovLabs plugin
Perform the following for each vRO server
- Login to the vRO configuration page: https://vro-fqdn:8283/vco-controlcenter/#/ with user root
- Click on the Manage Plug-Ins icon
- Locate the Install plug-in section
- Drag the plugin .dar or .vmoapp file into the browse bar
- Click on Install
- Restart the vRO server
  - On the Home page, click on the Startup Options icon
  - Click on Restart
  - Wait for vRO to restart successfully
- Log back in to the vRO configuration page
- Click on the Manage Plug-Ins icon
- Verify that the installed plugin is listed among the vRO plugins
4.2 First install
SovLabs plugin has been downloaded and installed (Section 4.1)
Installing and configuring the SovLabs plugin is only performed once for each vRA tenant and vRO server the SovLabs vRA Extensibility modules interact with
- Open the vRO client
- Login to the vRO server
- Click on the Design mode, located near the top-left corner of the client
- Click on the Workflows tab
- Run vRO workflow:
SovLabs/Configuration/SovLabs Configuration
- Fill out the SovLabs Configuration workflow form appropriately:

Field | Instructions |
---|---|
Main Configuration | |
vRA Tenant Name for SovLabs Service and Catalog Items | Select the appropriate tenant |
Business Group Name to be associated with the SovLabs vRA Catalog Service | Select the appropriate business group |
Create SovLabs vRA Catalog Service? | Select 'Yes' |
Security Group | vRA service account in UPN format (e.g. group.domain.com). *Is the security group defined in vRA that will be entitled to the SovLabs vRA Catalog Service |
Publish License Content? | Select 'Yes' |
Upgrade Options | |
Upgrade existing SovLabs vRA content? | Select 'No' |
Apply Upgrade Transformations? | Select 'No' |
Lifecycle Configuration - Install/Upgrade | |
Install or Update SovLabs lifecycle stubs (vRA6.x) or workflow subscriptions (vRA7.x)? | Select 'Yes'. *Enables vRA to call vRO during machine lifecycles |
Lifecycle Configuration - MachineBuilding | |
MachineBuilding Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided |
MachineBuilding Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent |
Lifecycle Configuration - MachineProvisioned | |
MachineProvisioned Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided |
MachineProvisioned Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent |
Lifecycle Configuration - Pre-Disposing | |
Pre-Disposing Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided |
Pre-Disposing Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent |
Lifecycle Configuration - Post-Disposing | |
Post-Disposing Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided |
Post-Disposing Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent |

- Click Submit
- Verify that the SovLabs Configuration workflow completed successfully
4.3 Performing an update
New SovLabs plugin has been downloaded and installed (Section 4.1)
Installing and configuring the SovLabs plugin is only performed once for each vRA tenant and vRO server the SovLabs vRA Extensibility modules interact with
- Open the vRO client
- Login to the vRO server
- Click on the Design mode, located near the top-left corner of the client
- Click on the Workflows tab
- Run vRO workflow:
SovLabs/Configuration/SovLabs Configuration
- Fill out the SovLabs Configuration workflow form appropriately:

Field | Instructions |
---|---|
Main Configuration | |
vRA Tenant Name for SovLabs Service and Catalog Items | Select the appropriate tenant |
Business Group Name to be associated with the SovLabs vRA Catalog Service | Select the appropriate business group |
Create SovLabs vRA Catalog Service? | Select 'No' |
Security Group | vRA service account in UPN format (e.g. group.domain.com). *Is the security group defined in vRA that will be entitled to the SovLabs vRA Catalog Service |
Publish License Content? | Select 'No' |
Upgrade Options | |
Upgrade existing SovLabs vRA content? | Select 'Yes' |
Apply Upgrade Transformations? | Select 'No' |
Lifecycle Configuration - Install/Upgrade | |
Install or Update SovLabs lifecycle stubs (vRA6.x) or workflow subscriptions (vRA7.x)? | Select 'Yes' only if modifications are necessary. *Enables vRA to call vRO during machine lifecycles |
Lifecycle Configuration - MachineBuilding | |
MachineBuilding Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided |
MachineBuilding Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent |
Lifecycle Configuration - MachineProvisioned | |
MachineProvisioned Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided |
MachineProvisioned Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent |
Lifecycle Configuration - Pre-Disposing | |
Pre-Disposing Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided |
Pre-Disposing Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent |
Lifecycle Configuration - Post-Disposing | |
Post-Disposing Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided |
Post-Disposing Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent |

- Click Submit
- Verify that the SovLabs Configuration workflow completed successfully
4.4 Verifying SovLabs plugin
4.4.1 Verify via vRO
- Open the vRO client
- Login to the vRO server
- Click on the Design mode, located near the top-left corner of the client
- Click on the Inventory tab
- Verify that the SovLabs vRA Extensibility Modules plugin exists
4.4.2 Verify via vRA
- Login to the desired vRA tenant
- Click on the Catalog tab
- Verify that the Add License - SovLabs Modules catalog exists
SovLabs Extensibility modules
Add module license(s)
Each SovLabs Extensibility Module will require a license to enable functionality
Once SovLabs Extensibility modules have been purchased, an email with order details and license keys attached will be sent
Perform the following steps for each license on all vRA tenant(s)
- Login to the desired vRA tenant
- Click on the Catalog tab
- Click on the Add License - SovLabs Modules catalog item
- Fill out the form fields properly:

Field | Instructions |
---|---|
Product ID | Copy & paste the license key's file name (e.g. SL-VRA-XXXX) |
License Key (including header) | Copy & paste the entire license file attachment contents into this field |

- Click Submit
Custom Naming
Server naming standards are a fact of life for most organizations. Hostnames are the most basic label that apply to all servers, and this identifier has operational value well beyond name resolution. Hostnames help multiple IT and application teams quickly identify and categorize any given server, revealing its function, role, operating system, environment, location or other attributes.
SovLabs enables administrators to easily manage multiple naming standards through data-driven profiles, allowing IT to keep up with changing architectural and application standards or changes to the business such as department/budget re-alignment, acquisitions or mergers. Take control of your hostnames with SovLabs Custom Naming and drive standardization throughout your environment.
The SovLabs Custom Naming Module gives IT administrators a flexible way to meet their server naming standards with vRealize Automation. With Custom Naming from SovLabs, easily create independent data-driven naming sequences and standards so that servers provisioned through vRealize Automation will adhere to specific naming conventions
The SovLabs Custom Naming module is often used in conjunction with other modules from the SovLabs Core Pack, including Active Directory and interchangeable DNS and IPAM modules.
Quick start process
- Define Naming Sequence
- Define Naming Standard
- Apply to existing blueprint
- Provision!
Features
- Create flexible naming standards that include one or more sequences
- Naming standards consist of a mix of static text and dynamic content such as vRA custom properties and/or custom logic
- Validates against DNS and vRA database to determine hostname availability
- Includes advanced selective locking, preventing duplication of hostnames with parallel provisioning without sacrificing performance
- Allows for creation of multiple types of sequences such as decimal, hex, octal, binary, or custom pattern
- Dynamic sequences are possible using the pattern type, which can utilize vRA properties (utilizing the SovLabs Template Engine) in combination with custom logic and one or many sequence types
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
- Includes option to allow for reuse of sequence values, e.g. for gaps left when machines have been de-provisioned
- Includes options for sequence length, padding character, initial value
- Sequences can be updated at any time, for scenarios like increasing sequence length or setting a new initial value (e.g. set next sequence value at 500 instead of 030)
- Supports creation of multiple naming sequences and standards as needed
Prerequisites
- Have naming standard(s) that accounts for different scenarios for your company
- Login to the vRA tenant
- Add license for Custom Naming module
- Validate the following show up on the Catalog page:
- Add Naming Sequence
- Add Naming Standard
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add Naming Sequence

Naming Sequence
A naming sequence can be used in one or more Naming Standards

Field | Value |
---|---|
Sequence label | Unique name for sequence. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Sequence type | Choose a sequence type: Decimal (Base 10): 0-9 for each digit; HexaDecimal (Base 16): 0-F for each digit; Octal (Base 8): 0-7 for each digit; Pattern (Mixed bases and static text): a flexible pattern that allows for unique naming sequences |
Reuse sequence values? | Select Yes to reuse a sequence number if it is available |
Max sequence length | Shown only when Decimal, HexaDecimal or Octal is selected as the sequence type. What is the maximum number of the sequence length? If a ### sequence is desired, type in 3 for a three digit sequence length |
Initial value | What is the initial number the sequence starts off with (0 or 1)? *Do not pad this initial value number |
Sequence padding | Shown only when Decimal, HexaDecimal or Octal is selected as the sequence type. Numerical value to pad the sequence to the left in the event that the sequence does not meet the required max sequence length. Defaults to 0 |
Pattern type format | Shown only when Pattern is selected as the sequence type |
Unique key | Optional |

- On the Catalog page, click on the Request button for: Add Naming Standard

Naming Standard
A naming standard is a template that generates a specific hostname

Field | Value |
---|---|
Naming standard label | Unique name for naming standard. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Used for multi-machine containers? | Select Yes if the naming standard will be used for multi-machine containers |
Select sequence(s) | Select the sequences that will be a part of the naming standard |
Template | Define the naming standard template that will generate the hostname. The template must include the sequence(s): Can be templated: SovLabs Template Engine |
Usage
1. Click on the Design tab > Blueprints
2. Hover over the desired blueprint name and click Edit
3. Click on the blueprint vSphere machine on the Design Canvas
4. Click on the Properties tab
5. In the Property Groups section:
   - Check the SovLabs-EnableLifecycleStubs property group
   - Check the appropriate Naming Standard property group:
     - Starts with SovLabs-NamingStandard- for single machine scenarios
     - Starts with SovLabs-NamingStandardMultiMachineContainer for multi-machine container scenarios

     Do not attach more than 1 Naming Standard property group to a blueprint
6. Click OK
7. Repeat Step 2 for all desired blueprints
Disable
1. Click on the Design tab > Blueprints
2. Hover over the desired blueprint name and click Edit
3. Click on the blueprint vSphere machine on the Design Canvas
4. Click on the Properties tab
5. In the Property Groups section:
   - Uncheck the Naming Standard property group:
     - Starts with SovLabs-NamingStandard- for single machine scenarios
     - Starts with SovLabs-NamingStandardMultiMachineContainer for multi-machine container scenarios
6. Click OK
7. Repeat Step 2 for all desired blueprints
Example(s)
Configure Pattern Type
Pattern naming sequences are designed to be flexible, multiple-base sequences that can match most sequence types used in the industry.
Pattern naming sequences can contain the following types of bases:
Type | Pattern Key | Default Value | Range |
---|---|---|---|
Decimal | # | 0 | 0-9 |
HexaDecimal | x | 0 | 0-F |
Octal | o | 0 | 0-7 |
Binary | b | 0 | 0-1 |
Alpha | a | a | a-z |
All Pattern Keys are to be defined inside / /. For instance, /a#b/ is a sequence of alpha, decimal, and binary numbers/letters.
A unique feature of the pattern naming standard is that the sequence can contain static or template text, yet the sequence increments as you would expect, ignoring the text.
For example, a pattern of /a/StaticText/b/ will result in the following sequence values:
aStaticText0, aStaticText1, bStaticText0, bStaticText1, cStaticText0. . .
As you can see, the part of the sequence inside the / / (the counter) increments while the text outside of the / / remains static, and when the rightmost digit rolls over, the next significant digit increases as one would expect. This can be used with or without static text.
If a template is used, the counter is incremented first and then the template is rendered. This means that if you have a property called "App" and you use it in a pattern such as /#//#/:
- First run, if App = “Test” => sequence value is 0Test1
- Second run, if App = “Foo” => sequence value is 0Foo2
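The counter behaviour described above, as an added example (not SovLabs code): a mixed-base counter in which each pattern key is one digit, the rightmost key is least significant, and text outside / / is copied through unchanged. The function names, the uppercase hex digits and the error raised when the pattern is exhausted are assumptions of this example; template rendering is left out.

```python
import re

# Digit alphabets for the pattern keys in the table above.
DIGITS = {
    "#": "0123456789",                   # Decimal
    "x": "0123456789ABCDEF",             # HexaDecimal (uppercase is an assumption)
    "o": "01234567",                     # Octal
    "b": "01",                           # Binary
    "a": "abcdefghijklmnopqrstuvwxyz",   # Alpha
}


def parse_pattern(pattern):
    """Split a pattern into ('digit', key) and ('text', literal) tokens.

    Runs of pattern keys enclosed in / / become one digit token per key;
    everything outside / / is kept as static text.
    """
    parts = re.split(r"/([#xoba]+)/", pattern)
    tokens = []
    for index, part in enumerate(parts):
        if index % 2:                    # odd entries are the captured key runs
            tokens.extend(("digit", key) for key in part)
        elif part:
            tokens.append(("text", part))
    return tokens


def capacity(pattern):
    """Number of distinct values the pattern can produce before it is exhausted."""
    total = 1
    for kind, value in parse_pattern(pattern):
        if kind == "digit":
            total *= len(DIGITS[value])
    return total


def render(pattern, counter):
    """Return the sequence value for a zero-based counter.

    The counter is written in mixed radix across all digit tokens, starting
    from the rightmost one, so a rollover carries into the next digit to the
    left even when static text sits between the two.
    """
    if not 0 <= counter < capacity(pattern):
        raise OverflowError(f"counter {counter} does not fit pattern {pattern!r}")
    out = []
    for kind, value in reversed(parse_pattern(pattern)):
        if kind == "digit":
            alphabet = DIGITS[value]
            counter, position = divmod(counter, len(alphabet))
            out.append(alphabet[position])
        else:
            out.append(value)
    return "".join(reversed(out))


if __name__ == "__main__":
    # Reproduces the sequence listed above for /a/StaticText/b/.
    print(", ".join(render("/a/StaticText/b/", n) for n in range(5)))
    print(capacity("/a/StaticText/b/"), "values before the pattern is exhausted")
```

`capacity` is worth checking before a pattern goes into use: `/a/StaticText/b/` yields only 52 hostnames.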
Custom Notifications
The SovLabs Notifications Module provides an easy yet highly flexible way to send email or REST-based web service notifications based on the success or failure of machine lifecycle events.
This is extremely useful for driving email based automation systems with minimal complexity, or driving web services via REST with dynamic JSON payloads such as ticketing or service management systems.
Quick start process
- Define Notification(s)
- Define a Notification Group
- Apply to existing blueprint
- Provision!
Features
- Create flexible notifications and add them to notification groups
- Supports REST-based web services or email notifications
- Notification email subject, body, addresses or web service address and JSON body can consist of a mix of static text and dynamic content such as vRA custom properties and/or custom logic
- Email notifications consist of message server(s), email groups/addresses (to, cc, bcc), from address, to address, subject and body
- REST-based notifications consist of a title and JSON body
- Supports SSL/TLS or unencrypted communications
- Message servers (email or REST) can be defined independently of notifications
- Credentials for message servers (email or REST) can be defined independently and re-used among message servers
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
Prerequisites
- User account with permissions to the webservices and/or email servers desired
- Login to the vRA tenant
- Add license for Custom Notifications module
- Validate the following show up on the Catalog page:
- Add Notification Configuration
- Add Notification Group Configuration
- Add MessageServer Configuration
- Add EmailGroup Configuration
- Add Authorization Configuration
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add Notification Configuration
Notification Configuration
A notification configuration holds all the necessary information to send notifications
Field | Value |
---|---|
Configuration label | Unique label. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Message Server configuration | |
New Message Server? | Select Yes to create a new message server. Select No to choose an existing message server |
Message Server | *Only shown when 'New Message Server' is No. Select the desired message server from a list of existing message servers |
Message server configuration label | *Only shown when 'New Message Server' is Yes. Unique label for message server. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Message Server Address | *Only shown when 'New Message Server' is Yes. Message Server address. Please note, for a WebService, the request body is used as type JSON to deliver data to the web service it is connecting to. The address will not be modified by SovLabs' module to provide data via the URL. If the request is directed at a specific method for the call please include that as part of the address parameter. *If the WebService address is: webserver.domain.com and the URL directive for method is: /logmessage, the resulting Message server address should be: webserver.domain.com/logmessage |
Enable SSL? | *Only shown when 'New Message Server' is Yes. Choose whether or not SSL is enabled on the message server |
Message Server Port | *Only shown when 'New Message Server' is Yes. Message Server port |
Message Server Type | *Only shown when New Message Server is Yes. Select whether this message server is an Email or WebService type |
Message Server HTTP Verb | *Only shown when New Message Server is Yes and Message Server Type is WebService. Select the HTTP Verb. Any HTTP verb used must be assumed to use the JSON body content to properly direct the server's behavior. The Notifications module does not modify URL with parameters. |
Message Server Protocol | *Only shown when 'New Message Server' is Yes. Select the appropriate protocol |
Enable Authentication? | *Only shown when 'New Message Server' is Yes. Select whether authentication is enabled on the message server |
New Authentication? | Select No to choose from existing authentications. Select Yes to create a new authentication |
Authentication | *Only shown when 'Enable Authentication' is Yes and 'New Authentication' is No. Select the appropriate authentication from an existing list of authentications |
Authentication configuration label | *Only shown when 'New Authentication' is Yes. Unique name for authentication. *Only AlphaNumeric characters, no special characters nor spaces except: - and _ |
Username | *Only shown when 'New Authentication' is Yes. Username |
Password | *Only shown when 'New Authentication' is Yes. Username's password |
Enable Start TLS? | *Only shown when 'New Authentication' is Yes and 'Message Server Type' is Email. Select whether or not to enable start TLS |
Network timeout | Defaulted to 6000 |
Email Group configuration | *Only shown when the 'Message Server Type' is Email |
New Email Group? | Select Yes to create a new email group. Select No to choose an existing email group |
Email Group | *Only shown when 'New Email Group' is No. Select the desired email group from a list of existing email groups |
Email Group configuration label | *Only shown when 'New Email Group' is Yes. *Only shown when 'New Message Server' is Yes. Unique label for email group configuration. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
To addresses | *Only shown when New Email Group is Yes. Enter all the email addresses to send the notification to. Can be templated: SovLabs Template Engine |
CC addresses | *Only shown when 'New Email Group' is Yes. Enter all the CC'ed email addresses to send the notification to. Can be templated: SovLabs Template Engine |
BCC addresses | *Only shown when 'New Email Group' is Yes. Enter all the BCC'ed email addresses to send the notification to. Can be templated: SovLabs Template Engine |
Notification configuration | |
Configuration label | *Only shown when 'New Message Server' is Yes. Unique label for notification configuration. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Notification State | Select whether to send the notification on a success and/or error states |
Format | Select the appropriate format |
From address | The address that will be sending the notification. Can be templated: SovLabs Template Engine |
Title | Notification title. Can be templated: SovLabs Template Engine |
Body | Body message. For a WebService, the only payload accepted is a JSON payload. Can be templated: SovLabs Template Engine |
- On the Catalog page, click on the Request button for: Add Notification Group Configuration
Notification Group Configuration
A Notification Group configuration holds multiple notification configurations
Field | Value |
---|---|
Configuration label | Unique label name. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Notifications | Select all notification configurations for this notification group |
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Check the SovLabs-EnableLifecycleStubs property group
- Check the appropriate Notification Group property group (starts with SovLabs-NotificationGroup-). Do not attach more than 1 Notification Group property group to a blueprint
- Click OK
- Repeat Step 7 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Uncheck the Notification Group property group: (starts with SovLabs-NotificationGroup-)
- Click OK
- Repeat Step 3 for all desired blueprints
Microsoft Active Directory
Microsoft Active Directory (AD) is a crucial requirement in most Windows server deployments. With the SovLabs Microsoft Active Directory module for vRealize Automation, organizations can flexibly drive Windows server registration with Microsoft Active Directory.
The SovLabs Microsoft Active Directory registration module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming and interchangeable DNS and IPAM modules.
Quick start process
- Define Microsoft endpoint(s)
- Define Active Directory configuration(s)
- Apply to existing blueprint
- Provision!
Features
- Create flexible Active Directory configurations that include one or more Microsoft endpoints
- Handles simple to complex globally distributed multi-domain, multi-site MS AD environments
- Registers/cleans computer account with Active Directory
- Supports placement in a “build OU” during provisioning in order to facilitate software deployments/configurations that require a less restrictive Group Policy
- Supports moving to a final OU post-provisioning
- Supports dynamic creation and removal of OUs
- Supports adding the computer account to existing Active Directory security groups
- OU and Security Group designations are dynamic templated fields utilizing the SovLabs Template Engine
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
- Employs several methods to improve reliability of registration/cleanup to mitigate failures, such as retry logic and post validation checks
- Microsoft endpoints can also be used with the SovLabs Microsoft IPAM and Microsoft DNS modules
Prerequisites
- Define your domain controller server(s) and whether or not proxy servers will be used
- Install AD Webservices on all the domain controllers that will be used
- Ensure NTP is set up correctly
- Login to the vRA tenant
- Add license for Microsoft Active Directory module
- Validate the following show up on the Catalog page:
- Add Microsoft Endpoint
- Add ActiveDirectory Configuration
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add Microsoft Endpoint
Microsoft Endpoint
A Windows 2012 R2 member server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server
Field | Value |
---|---|
Configuration label | Unique endpoint name. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Connection method | Select how the SovLabs modules will connect to the target or proxy Microsoft server |
Hostname or IP address | If 'Is this a proxy host' is set to Yes, this is the proxy server for the target AD server. AD server (FQDN) or IP address |
Use non-standard port? | Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port |
Port | *Only shown when 'Use non-standard port' is Yes. Input the non-standard port for this endpoint |
Username | Username (UPN format) that has permissions to add/remove records to/from AD servers |
Password | User's password |
Is this a proxy host? | Proxy hosts are limited to the SSH connection method only. Choose whether or not to utilize a proxy host to make remote commands to the target AD server |
Remote Server hostname or IP address: | *Only shown when 'Is this a proxy host' is Yes. The target AD server |
Advanced Configuration | |
Temporary directory where scripts will be placed | If not provided, will default to C:\Windows\temp |
Share path for temporary directory to access | Define if administrative shares are not available. Type in path\share instead of \\share-server\path\share |
- On the Catalog page, click on the Request button for: Add ActiveDirectory Configuration
Active Directory Configuration
A naming standard is a template that generates a specific hostname
Field | Value |
---|---|
General | |
Configuration label | Unique label. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Hosts | Select all the Microsoft Endpoint hosts configured for Active Directory |
Build OU | |
Use Build OU? | If Yes, a VM during its machineBuilding vRA lifecycle will be placed in an interim OU (Build OU). Once the VM has finished building and provisioning, the VM will be placed in the [final] OU |
Build OU | ActiveDirectory Organizational Unit (OU) in DN format for VM to join prior to completing provisioning |
Create Build OU? | Select Yes to create Build OU if it does not exist |
Remove OU? | Select Yes to remove Build OU if it does not have any children and is empty |
OU | |
OU | ActiveDirectory Organizational Unit (OU) in DN format for VM to join |
Create OU? | Select Yes to create OU if it does not exist |
Remove OU? | Select Yes to remove OU if it does not have any children and is empty |
Security Group(s) | |
AD Security Group(s) | List all Security Group(s) for server to join. *Can be a static value of either FQDNs or short names (if short names are unique) |
Advanced | |
Delete computer accounts based on computer name? | Selecting Yes will attempt to find computer account and remove it, regardless of what OU it is in |
Usage
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Check the SovLabs-EnableLifecycleStubs property group
- Check the appropriate Microsoft Active Directory property group (starts with SovLabs-AD-). Do not attach more than 1 Microsoft Active Directory property group to a blueprint
- Click OK
- Repeat Step 2 for all desired blueprints
Disable
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Uncheck the Microsoft Active Directory property group: (starts with SovLabs-AD-)
- Click OK
- Repeat Step 2 for all desired blueprints
Example(s)
OU=,OU=,OU=,DC=sovlabs, DC=net
Assuming the following properties (teamID, ORGID, LOCATION) are defined on the vRA Blueprint or inherited from the Business Group or Compute Resources, etc.
The resulting OU will be: OU=development,OU=E712,OU=atl,DC=sovlabs,DC=net
Assuming:
teamID = development
ORGID = e712
LOCATION = Atlanta
BlueCat DNS
DNS is both a fundamental and critical component of any cloud – private, hybrid, or public. Any DNS inaccuracies due to stale, duplicate or orphaned DNS records can stop a cloud in its tracks, preventing customers from getting VMs and services they’ve requested from the vRealize Automation service catalog.
With the SovLabs BlueCat DNS for vRealize Automation, organizations who utilize BlueCat for DNS hosting now have a fully automated method of controlling DNS records as the cloud environment dynamically scales, reducing the support burden and increasing the chances of successful ITaaS deployments from the vRealize service catalog.
The SovLabs BlueCat DNS module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable IPAM modules.
Quick start process
- Define BlueCat endpoint(s)
- Define DNS configuration(s)
- Provision!
Features
- Create flexible DNS configurations that include one or more BlueCat endpoints
- Supports one or more domains and networks in a single DNS configuration
- Drives advanced BlueCat features such as Custom User Fields flexibly via the SovLabs Template Engine
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
- Employs several methods to improve DNS data integrity and mitigate issues from stale, duplicate or orphaned DNS records, such as retry logic, record availability and DNS propagation/post validation checks
- DNS configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional DNS providers with other DNS modules from SovLabs
- Allows for independent configurations for forward and reverse records, if desired
- BlueCat endpoints can also be used with the SovLabs BlueCat IPAM module
- SovLabs DNS configurations may also be used with SovLabs network load balancer modules
- Optional feature to designate a default DNS configuration if the domain(s) or network(s) are not matched to any other DNS configuration(s)
- Supports up to 10 network interfaces per machine
Prerequisites
- BlueCat user on (all) BlueCat(s) with API permissions:
- Through the BlueCat web portal, go to Administration > Users and Groups
- On the top-left of the Users pane, select New > User
- In the User creation wizard:
- Type of user: Administrator
- Access type: API
- Login to the vRA tenant
- Add license for BlueCat DNS module
- Validate the following show up on the Catalog page:
- Add BlueCat Endpoint
- Add DNS Configuration
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add BlueCat Endpoint
BlueCat Endpoint
A BlueCat Endpoint is the BlueCat appliance where the DNS records are created/removed via the BlueCat API
Field | Value |
---|---|
Configuration label | Unique label. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Host FQDN | BlueCat FQDN |
Configuration name | BlueCat's configuration name |
DNS view name | BlueCat's DNS view name |
Custom User Field configurations | |
Host Record template | Add in any Custom User Fields (e.g. comments) used for BlueCat DNS |
IP Record template | Add in any Custom User Fields (e.g. comments) used for BlueCat IPAM |
Endpoint Credentials | |
Create credential? | Select Yes to create a new credential. Select No to choose from existing credentials |
Credential | *Only shown when 'Create credential' is No. Select the appropriate credential from an existing list of credentials |
Credential configuration label | *Only shown when 'Create credential' is Yes. Unique credential name. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Username | *Only shown when 'Create credential' is Yes. Username |
Password | *Only shown when 'Create credential' is Yes. User's password |
- On the Catalog page, click on the Request button for: Add DNS Configuration
DNS Configuration
A naming standard is a template that generates a specific hostname
Field | Value |
---|---|
Configuration label | Unique label. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Domains | Add in all domains for this DNS configuration to support |
Networks | Add in all the networks (X.x.x.x/CIDR) for this DNS configuration to support |
DNS server type | Select Bluecat |
DNS Hosts | Select all desired BlueCat endpoints |
Create A Records? | Select Yes to create A Records |
Create PTR Records? | Select Yes to create PTR Records |
Create Host records? | Select Yes to create Host Records |
Use as default server? | Select Yes to have this DNS configuration be the default if domain or network is not matched in any other DNS configuration(s). Only recommended for simple DNS configurations |
Usage
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Check the SovLabs-EnableLifecycleStubs property group
- Click OK
- Repeat Step 2 for all desired blueprints
- Click on the Infrastructure tab > Reservations > Reservations
- Hover over the reservation in association with the BlueCat DNS configured domain and click Edit
- Click on the Network tab
- Check the appropriate network path and select the appropriate Network Profile from the dropdown
- Click OK
The next provisioned VM will automatically attempt to register with BlueCat DNS only if the VM is in the configured domain and network defined for BlueCat DNS
Advanced
Register with additional DNS zones for the same NIC and hostname
- Verify a DNS configuration exists for the additional DNS zones
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Custom Properties section:
- Click on the New Property button
- Type in SovLabs_AdditionalDNSSuffixes for the Name field
- For the Value field:
- Type in a list of additional DNS zones to register the host
- Must be comma separated
- Example: zone1.com,zone2.com
- Click on the button
- Click OK
- Repeat Step 2 for all desired blueprints
Disable
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Custom Properties section:
- Click on the New Property button
- Type in SovLabs_DisableDNS for the Name field
- Type in true for the Value field
- Click on the button
- Click OK
- Repeat Step 2 for all desired blueprints
Infoblox DNS
DNS is both a fundamental and critical component of any cloud – private, hybrid, or public. Any DNS inaccuracies due to stale, duplicate or orphaned DNS records can stop a cloud in its tracks, preventing customers from getting VMs and services they’ve requested from the vRealize Automation service catalog.
With the SovLabs Infoblox DNS for vRealize Automation, organizations who utilize Infoblox for DNS hosting now have a fully automated method of controlling DNS records as the cloud environment dynamically scales, reducing the support burden and increasing the chances of successful ITaaS deployments from the vRealize service catalog.
The SovLabs Infoblox DNS module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable IPAM modules.
Quick start process
- Define Infoblox endpoint(s)
- Define DNS configuration(s)
- Provision!
Features
- Create flexible DNS configurations that include one or more Infoblox endpoints
- Supports one or more domains and networks in a single DNS configuration
- Drives advanced Infoblox features such as Extensible Attributes and DNS Views flexibly via the SovLabs Template Engine
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
- Employs several methods to improve DNS data integrity and mitigate issues from stale, duplicate or orphaned DNS records, such as retry logic, record availability and DNS propagation/post validation checks
- DNS configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional DNS providers with other DNS modules from SovLabs
- Allows for independent configurations for forward and reverse records, if desired
- Infoblox endpoints can also be used with the SovLabs Infoblox IPAM module
- SovLabs DNS configurations may also be used with SovLabs network load balancer modules
- Optional feature to designate a default DNS configuration if the domain(s) or network(s) are not matched to any other DNS configuration(s)
- Supports up to 10 network interfaces per machine
Prerequisites
- Infoblox user on (all) Infoblox appliance(s) with the following permissions:
- API access configured
- Add/remove Host Records, A Records and/or PTR Records
- Infoblox WAPI version must be 1.2+. Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner
- Login to the vRA tenant
- Add license for Infoblox DNS module
- Validate the following show up on the Catalog page:
- Add Infoblox Host
- Add DNS Configuration
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add Infoblox Host
Infoblox Host
An Infoblox host is the Infoblox appliance where the DNS records are created/removed via the Infoblox API
Field | Value |
---|---|
Configuration label | Unique label. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Infoblox Hostname | Infoblox appliance's FQDN or IP address |
HTTPS | Select whether or not the Infoblox appliance is HTTPS |
Port | Infoblox appliance port. Normally 443 for HTTPS and 80 for HTTP |
Username | Infoblox user that has API access and permissions to add/remove records to/from Infoblox |
Password | User's password |
WAPI Version | Select 1.2 if WAPI version is less than 2.0. Select 2.0 if WAPI version is 2.0 or greater |
DNS view | *Optional - What is the DNS view this endpoint supports? |
Network view | *Optional - What is the Network view this endpoint supports? |
Advanced Options | *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for each of the record types. Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered |
- On the Catalog page, click on the Request button for: Add DNS Configuration
DNS Configuration
A naming standard is a template that generates a specific hostname
Field | Value |
---|---|
Configuration label | Unique label. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Domains | Add in all domains for this DNS configuration to support |
Networks | Add in all the networks (X.x.x.x/CIDR) for this DNS configuration to support |
DNS server type | Select Infoblox |
DNS Hosts | Select all desired Infoblox hosts |
Create A Records? | Select Yes to create A Records |
Create PTR Records? | Select Yes to create PTR Records |
Create Host records? | Select Yes to create Host Records |
Use as default server? | Select Yes to have this DNS configuration be the default if domain or network is not matched in any other DNS configuration(s). Only recommended for simple DNS configurations |
Usage
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Check the SovLabs-EnableLifecycleStubs property group
- Click OK
- Repeat Step 2 for all desired blueprints
- Click on the Infrastructure tab > Reservations > Reservations
- Hover over the reservation in association with the Infoblox DNS configured domain and click Edit
- Click on the Network tab
- Check the appropriate network path and select the appropriate Network Profile from the dropdown
- Click OK
The next provisioned VM will automatically attempt to register with Infoblox DNS only if the VM is in the configured domain and network defined for Infoblox DNS
Advanced
Register with additional DNS zones for the same NIC and hostname
- Verify a DNS configuration exists for the additional DNS zones
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Custom Properties section:
- Click on the New Property button
- Type in SovLabs_AdditionalDNSSuffixes for the Name field
- For the Value field:
- Type in a list of additional DNS zones to register the host
- Must be comma separated
- Example: zone1.com,zone2.com
- Click on the button
- Click OK
- Repeat Step 2 for all desired blueprints
Disable
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Custom Properties section:
- Click on the New Property button
- Type in SovLabs_DisableDNS for the Name field
- Type in true for the Value field
- Click on the button
- Click OK
- Repeat Step 2 for all desired blueprints
Microsoft DNS
DNS is both a fundamental and critical component of any cloud – private, hybrid, or public. Any DNS inaccuracies due to stale, duplicate or orphaned DNS records can stop a cloud in its tracks, preventing customers from getting VMs and services they’ve requested from the vRealize Automation service catalog.
With the SovLabs Microsoft DNS module for vRealize Automation, organizations who utilize Microsoft for DNS hosting now have a fully automated method of controlling DNS records as the cloud environment dynamically scales, reducing the support burden and increasing the chances of successful ITaaS deployments from the vRealize service catalog.
The SovLabs Microsoft DNS module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Microsoft Active Directory and interchangeable IPAM modules.
Quick start process
- Define Microsoft endpoint(s)
- Define DNS configuration(s)
- Provision!
Features
- Create flexible DNS configurations that include one or more Microsoft endpoints
- Handles simple to complex globally distributed multi-zone, multi-site MS DNS environments
- Supports one or more domains and networks in a single DNS configuration
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
- Employs several methods to improve DNS data integrity and mitigate issues from stale, duplicate or orphaned DNS records, such as retry logic, record availability and DNS propagation/post validation checks
- DNS configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional DNS providers with other DNS modules from SovLabs
- Allows for independent configurations for forward and reverse records, if desired
- Microsoft endpoints can also be used with the SovLabs Microsoft IPAM and Active Directory modules
- SovLabs DNS configurations may also be used with SovLabs network load balancer modules
- Optional feature to designate a default DNS configuration if the domain(s) or network(s) are not matched to any other DNS configuration(s)
- Supports up to 10 network interfaces per machine
Prerequisites
- Define your domain controller server(s) and whether or not proxy servers will be used
- Install AD Webservices on all the domain controllers that will be used
- Ensure NTP is set up correctly
- Login to the vRA tenant
- Add license for Microsoft DNS module
- Validate the following show up on the Catalog page:
- Add Microsoft Endpoint
- Add DNS Configuration
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add Microsoft Endpoint
Microsoft Endpoint
A Windows 2012 R2 member server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server
Field | Value |
---|---|
Configuration label | Unique endpoint name. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Connection method | Select how the SovLabs modules will connect to the target or proxy Microsoft DNS server |
Hostname or IP address | If 'Is this a proxy host' is set to Yes, this is the proxy server for the target DNS server. DNS server (FQDN) or IP address |
Use non-standard port? | Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port |
Port | *Only shown when 'Use non-standard port' is Yes. Input the non-standard port for this endpoint |
Username | Username (UPN format) that has permissions to add/remove records to/from DNS server |
Password | User's password |
Is this a proxy host? | Proxy hosts are limited to the SSH connection method only. Choose whether or not to utilize a proxy host to make remote commands to the target DNS server |
Remote Server hostname or IP address: | *Only shown when 'Is this a proxy host' is Yes. The target DNS server |
Advanced Configuration | |
Temporary directory where scripts will be placed | If not provided, will default to C:\Windows\temp |
Share path for temporary directory to access | Define if administrative shares are not available. Type in path\share instead of \\share-server\path\share |
- On the Catalog page, click on the Request button for: Add DNS Configuration
DNS Configuration
A naming standard is a template that generates a specific hostname
Field | Value |
---|---|
Configuration label | Unique label. *Only AlphaNumeric characters, no spaces or special characters except: - and _ |
Domains | Add in all domains for this DNS configuration to support |
Networks | Add in all the networks (X.x.x.x/CIDR) for this DNS configuration to support |
DNS server type | Select MS DNS |
DNS Hosts | Select all desired Microsoft endpoints |
Create A Records? | Select Yes to create A Records |
Create PTR Records? | Select Yes to create PTR Records |
Use as default server? | Select Yes to have this DNS configuration be the default if domain or network is not matched in any other DNS configuration(s). Only recommended for simple DNS configurations |
Usage
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Check the SovLabs-EnableLifecycleStubs property group
- Click OK
- Repeat Step 2 for all desired blueprints
- Click on the Infrastructure tab > Reservations > Reservations
- Hover over the reservation in association with the Microsoft DNS configured domain and click Edit
- Click on the Network tab
- Check the appropriate network path and select the appropriate Network Profile from the dropdown
- Click OK
The next provisioned VM will automatically attempt to register with Microsoft DNS only if the VM is in the configured domain and network defined for Microsoft DNS
Advanced
Register with additional DNS zones for the same NIC and hostname
- Verify a DNS configuration exists for the additional DNS zones
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Custom Properties section:
- Click on the New Property button
- Type in SovLabs_AdditionalDNSSuffixes for the Name field
- For the Value field:
- Type in a list of additional DNS zones to register the host
- Must be comma separated
- Example: zone1.com,zone2.com
- Click on the button
- Click OK
- Repeat Step 2 for all desired blueprints
Disable
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Custom Properties section:
- Click on the New Property button
- Type in SovLabs_DisableDNS for the Name field
- Type in true for the Value field
- Click on the button
- Click OK
- Repeat Step 2 for all desired blueprints
BlueCat IPAM
IP Address Management (IPAM) is a means of planning, tracking, and managing the IP address space used in a network. Many organizations choose enterprise IPAM solutions in order to give them centralized visibility and control of their entire IP space.
With the SovLabs BlueCat IPAM module for vRealize Automation, organizations who utilize BlueCat for centralized IP address management now have a fully automated method of obtaining and releasing IP addresses as the cloud environment dynamically scales. IP subnets can now easily be shared between vRA deployments and alongside existing tools and devices without fear of IP conflict.
The SovLabs BlueCat IPAM module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable DNS modules.
Quick start process
- Define BlueCat endpoint(s)
- Define IPAM profile(s)
- Apply to existing blueprint
- Provision!
Features
- Create flexible IPAM profiles that include one or more BlueCat endpoints
- Drives advanced BlueCat features such as Custom User Fields flexibly via the SovLabs Template Engine
- Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
- IPAM profiles include basic IP information such as DNS and WINS configurations
- IPAM profiles can be pinned to specific NIC numbers
- IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
- IPAM profiles allow for a list of excluded IP addresses
- IPAM profile fields can be dynamic, utilizing the SovLabs Template Engine
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
- IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
- BlueCat endpoints can also be used with the SovLabs BlueCat DNS module
- SovLabs IPAM configurations may also be used with SovLabs network load balancer modules
Prerequisites
- BlueCat user on (all) BlueCat(s) with API permissions:
- Through the BlueCat web portal, go to Administration > Users and Groups
- On the top-left of the Users pane, select New > User
- In the User creation wizard:
- Type of user: Administrator
- Access type: API
- Login to the vRA tenant
- Add license for BlueCat DNS module
- Validate the following show up on the Catalog page:
- Add BlueCat Endpoint
- Add DNS Configuration
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add BlueCat Endpoint
BlueCat Endpoint
A BlueCat Endpoint is the BlueCat appliance where the DNS records are created/removed via the BlueCat API
Field | Value |
---|---|
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique label |
Host FQDN | BlueCat FQDN |
Configuration name | BlueCat's configuration name |
DNS view name | BlueCat's DNS view name |
Custom User Field configurations | |
Host Record template | Add in any Custom User Fields (e.g. comments) used for BlueCat DNS |
IP Record template | Add in any Custom User Fields (e.g. comments) used for BlueCat IPAM |
Endpoint Credentials | |
Create credential? | Select Yes to create a new credential. Select No to choose from existing credentials |
Credential | *Only shown when 'Create credential' is No. Select the appropriate credential from an existing list of credentials |
Credential configuration label | *Only shown when 'Create credential' is Yes. *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique credential name |
Username | *Only shown when 'Create credential' is Yes. Username |
Password | *Only shown when 'Create credential' is Yes. User's password |
- On the Catalog page, click on the Request button for: Add IPAM Profile
IPAM Profile
An IPAM profile defines necessary IPAM information
Field | Value |
---|---|
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique label name |
Description | *Optional - Description of IPAM profile |
IPAM type | Select Bluecat |
Provider host | Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added a BlueCat Endpoint. Select the desired BlueCat endpoint |
Subnets, Gateways and Network names | Subnet: X.x.x.x/CIDR. Gateway: X.x.x.x. NetworkName: Utilize the SovLabs Template Engine. 1. Type in a subnet and its gateway and network name (all comma separated) into the input field (e.g. 10.0.0.0/24, 10.0.0.1, networkName). 2. Click the green to add the entry into the array. 3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered |
Excluded IPs | Enter all IPs to be excluded (e.g. 10.0.0.1) |
NIC number | Enter in a NIC number (0-9) for this IPAM profile |
Primary DNS | Input the Primary DNS |
Secondary DNS | Input the Secondary DNS |
DNS suffix | Input the DNS suffix |
DNS search suffix | Input the DNS search suffix(es) (comma separated) |
Primary WINS | Input the Primary WINS |
Secondary WINS | Input the Secondary WINS |
Usage
- Login to the vRA tenant
- Click on the Infrastructure tab > Reservations > Network Profiles
- Hover over the network profile that best matches the network for this IPAM and click Edit
- On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
- Click OK
- Click on the Reservation menu item from Infrastructure tab > Reservations
- Hover over the reservation in association with the network profile from Step 3 and click Edit
- Click on the Network tab
- Uncheck all network paths
- Clear all the Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
- Click OK
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Check the SovLabs-EnableLifecycleStubs property group
- Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#). Do not attach more than 1 IPAM property group to a blueprint
- Click OK
- Repeat Step 7 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Uncheck the IPAM property group: (starts with SovLabs-IPAM- and ends with -nic#)
- Click OK
- Repeat Step 3 for all desired blueprints
Infoblox IPAM
IP Address Management (IPAM) is a means of planning, tracking, and managing the IP address space used in a network. Many organizations choose enterprise IPAM solutions in order to give them centralized visibility and control of their entire IP space.
With the SovLabs Infoblox IPAM module for vRealize Automation, organizations who utilize Infoblox for centralized IP address management now have a fully automated method of obtaining and releasing IP addresses as the cloud environment dynamically scales. IP subnets can now easily be shared between vRA deployments and alongside existing tools and devices without fear of IP conflict.
The SovLabs Infoblox IPAM module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable DNS modules.
Quick start process
- Define Infoblox endpoint(s)
- Define IPAM profile(s)
- Apply to existing blueprint
- Provision!
Features
- Create flexible IPAM profiles that include one or more Infoblox endpoints
- Drives advanced Infoblox features such as Extensible Attributes and DNS Views flexibly via the SovLabs Template Engine
- Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
- IPAM profiles include basic IP information such as DNS and WINS configurations
- IPAM profiles can be pinned to specific NIC numbers
- IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
- IPAM profiles allow for a list of excluded IP addresses
- IPAM profile fields can be dynamic, utilizing the SovLabs Template Engine
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
- IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
- Infoblox endpoints can also be used with the SovLabs Infoblox DNS module
- SovLabs IPAM configurations may also be used with SovLabs network load balancer modules
Prerequisites
- Infoblox user on (all) Infoblox appliance(s) with the following permissions:
- API access configured
- Add/remove Host Records, A Records and/or PTR Records
- Infoblox WAPI version must be 1.2+. Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner
- Login to the vRA tenant
- Add license for Infoblox IPAM module
- Validate the following show up on the Catalog page:
- Add Infoblox Host
- Add IPAM Profile
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add Infoblox Host
Infoblox Host
An Infoblox host is the Infoblox appliance where the DNS records are created/removed via the Infoblox API
Field | Value |
---|---|
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique label |
Infoblox Hostname | Infoblox appliance's FQDN or IP address |
HTTPS | Select whether or not the Infoblox appliance is HTTPS |
Port | Infoblox appliance port. Normally 443 for HTTPS and 80 for HTTP |
Username | Infoblox user that has API access and permissions to add/remove records to/from Infoblox |
Password | User's password |
WAPI Version | Select 1.2 if WAPI version is less than 2.0. Select 2.0 if WAPI version is 2.0 or greater |
DNS view | *Optional - What is the DNS view this endpoint supports? |
Network view | *Optional - What is the Network view this endpoint supports? |
Advanced Options | *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for each of the record types. Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered |
- On the Catalog page, click on the Request button for: Add IPAM Profile
IPAM Profile
An IPAM profile defines necessary IPAM information
Field | Value |
---|---|
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique label name |
Description | *Optional - Description of IPAM profile |
IPAM type | Select Infoblox |
Provider host | Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added a SolarWinds Database Endpoint. Select the desired Infoblox Host |
Subnets, Gateways and Network names | Subnet: X.x.x.x/CIDR. Gateway: X.x.x.x. NetworkName: Utilize the SovLabs Template Engine. 1. Type in a subnet and its gateway and network name (all comma separated) into the input field (e.g. 10.0.0.0/24, 10.0.0.1, networkName). 2. Click the green to add the entry into the array. 3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered |
Excluded IPs | Enter all IPs to be excluded (e.g. 10.0.0.1) |
NIC number | Enter in a NIC number (0-9) for this IPAM profile |
Primary DNS | Input the Primary DNS |
Secondary DNS | Input the Secondary DNS |
DNS suffix | Input the DNS suffix |
DNS search suffix | Input the DNS search suffix(es) (comma separated) |
Primary WINS | Input the Primary WINS |
Secondary WINS | Input the Secondary WINS |
Usage
- Login to the vRA tenant
- Click on the Infrastructure tab > Reservations > Network Profiles
- Hover over the network profile that best matches the network for this IPAM and click Edit
- On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
- Click OK
- Click on the Reservation menu item from Infrastructure tab > Reservations
- Hover over the reservation in association with the network profile from Step 3 and click Edit
- Click on the Network tab
- Uncheck all network paths
- Clear all the Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
- Click OK
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Check the SovLabs-EnableLifecycleStubs property group
- Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#). Do not attach more than 1 IPAM property group to a blueprint
- Click OK
- Repeat Step 7 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Uncheck the IPAM property group: (starts with SovLabs-IPAM- and ends with -nic#)
- Click OK
- Repeat Step 3 for all desired blueprints
Microsoft IPAM
IP Address Management (IPAM) is a means of planning, tracking, and managing the IP address space used in a network. Many organizations choose enterprise IPAM solutions in order to give them centralized visibility and control of their entire IP space.
With the SovLabs Microsoft IPAM module for vRealize Automation, organizations who utilize Microsoft IPAM for centralized IP address management now have a fully automated method of obtaining and releasing IP addresses as the cloud environment dynamically scales. IP subnets can now easily be shared between vRA deployments and alongside existing tools and devices without fear of IP conflict.
The SovLabs Microsoft IPAM module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable DNS modules.
Quick start process
- Define Microsoft endpoint(s)
- Define IPAM profile(s)
- Apply to existing blueprint
- Provision!
Features
- Create flexible IPAM profiles that include one or more Microsoft endpoints
- Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
- IPAM profiles include basic IP information such as DNS and WINS configurations
- IPAM profiles can be pinned to specific NIC numbers
- IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
- IPAM profiles allow for a list of excluded IP addresses
- IPAM profile fields can be dynamic, utilizing the SovLabs Template Engine
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
- IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
- Microsoft endpoints can also be used with the SovLabs Microsoft DNS and Active Directory modules
- SovLabs IPAM configurations may also be used with SovLabs network load balancer modules
Prerequisites
- Install IPAM client on Microsoft IPAM (target or proxy) server:
- Server Manager > Manage > Add Roles and Features
- Accept defaults and click Next until the Features option
- Expand Remote Server Administration Tools > expand Feature Administration Tools
- Select IP Address Management (IPAM) Client
- Confirm and click Install
- Enable non-local administrators to run IPAM cmdlets
- Refer to the last section: Enable non-local administrators to run IPAM cmdlets via IPAM Server Cmdlets in Windows PowerShell
- Login to the vRA tenant
- Add license for Microsoft IPAM module
- Validate the following show up on the Catalog page:
- Add Microsoft Endpoint
- Add IPAM Profile
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add Microsoft Endpoint
Microsoft Endpoint
A Windows 2012 R2 member server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server
Field | Value |
---|---|
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique endpoint name |
Connection method | Select how the SovLabs modules will connect to the target or proxy Microsoft IPAM server |
Hostname or IP address | If 'Is this a proxy host' is set to Yes, this is the proxy server for the target IPAM server. IPAM server (FQDN) or IP address |
Use non-standard port? | Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port |
Port | *Only shown when 'Use non-standard port' is Yes. Input the non-standard port for this endpoint |
Username | Username (UPN format) that has permissions to add/remove records to/from IPAM server |
Password | User's password |
Is this a proxy host? | Proxy hosts are limited to the SSH connection method only. Choose whether or not to utilize a proxy host to make remote commands to the target IPAM server |
Remote Server hostname or IP address: | *Only shown when 'Is this a proxy host' is Yes. The target IPAM server |
Advanced Configuration | |
Temporary directory where scripts will be placed | If not provided, will default to C:\Windows\temp |
Share path for temporary directory to access | Define if administrative shares are not available. Type in path\share instead of \\share-server\path\share |
- On the Catalog page, click on the Request button for: Add IPAM Profile
IPAM Profile
An IPAM profile defines necessary IPAM information
Field | Value |
---|---|
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique label name |
Description | *Optional - Description of IPAM profile |
IPAM type | Select Microsoft |
Provider host | Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added a SolarWinds Database Endpoint. Select the desired Microsoft Endpoint |
Subnets, Gateways and Network names | Subnet: X.x.x.x/CIDR. Gateway: X.x.x.x. NetworkName: Utilize the SovLabs Template Engine. 1. Type in a subnet and its gateway and network name (all comma separated) into the input field (e.g. 10.0.0.0/24, 10.0.0.1, networkName). 2. Click the green to add the entry into the array. 3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered |
Excluded IPs | Enter all IPs to be excluded (e.g. 10.0.0.1) |
NIC number | Enter in a NIC number (0-9) for this IPAM profile |
Primary DNS | Input the Primary DNS |
Secondary DNS | Input the Secondary DNS |
DNS suffix | Input the DNS suffix |
DNS search suffix | Input the DNS search suffix(es) (comma separated) |
Primary WINS | Input the Primary WINS |
Secondary WINS | Input the Secondary WINS |
Usage
- Login to the vRA tenant
- Click on the Infrastructure tab > Reservations > Network Profiles
- Hover over the network profile that best matches the network for this IPAM and click Edit
- On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
- Click OK
- Click on the Reservation menu item from Infrastructure tab > Reservations
- Hover over the reservation in association with the network profile from Step 3 and click Edit
- Click on the Network tab
- Uncheck all network paths
- Clear all the Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
- Click OK
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Check the SovLabs-EnableLifecycleStubs property group
- Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#). Do not attach more than 1 IPAM property group to a blueprint
- Click OK
- Repeat Step 7 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Uncheck the IPAM property group: (starts with SovLabs-IPAM- and ends with -nic#)
- Click OK
- Repeat Step 3 for all desired blueprints
SolarWinds IPAM
IP Address Management (IPAM) is a means of planning, tracking, and managing the IP address space used in a network. Many organizations choose enterprise IPAM solutions in order to give them centralized visibility and control of their entire IP space.
With the SovLabs SolarWinds IPAM module for vRealize Automation, organizations who utilize SolarWinds for centralized IP address management now have a fully automated method of obtaining and releasing IP addresses as the cloud environment dynamically scales. IP subnets can now easily be shared between vRA deployments and alongside existing tools and devices without fear of IP conflict.
The SovLabs SolarWinds IPAM module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable DNS modules.
Quick start process
- Define SolarWinds database endpoint(s)
- Define IPAM profile(s)
- Apply to existing blueprint
- Provision!
Features
- Create flexible IPAM profiles that include a SolarWinds database endpoint
- Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
- Option to set 'Scan IP' in SolarWinds to false for the reserved IP address
- Option to set 'Comment' in SolarWinds for the reserved IP address
- IPAM profiles include basic IP information such as DNS and WINS configurations
- IPAM profiles can be pinned to specific NIC numbers
- IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
- IPAM profiles allow for a list of excluded IP addresses
- IPAM profile fields can be dynamic, utilizing the SovLabs Template Engine
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
- IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
- SovLabs IPAM configurations may also be used with SovLabs network load balancer modules
Prerequisites
- Database credentials for the SolarWinds database with permissions to execute SET/GET queries
- Login to the vRA tenant
- Add license for SolarWinds IPAM module
- Validate the following show up on the Catalog page:
- Add SolarWinds Database Endpoint
- Add IPAM Profile
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add SolarWinds Database Endpoint
SolarWinds Database Endpoint
A SolarWinds database endpoint is the target SolarWinds database
Field | Value |
---|---|
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique endpoint name |
Database Hostname | FQDN or IP address of server where SolarWinds database resides |
Database Name | SolarWinds Database name (normally SolarWindsOrion by default) |
Database Port | Defaulted to be 1433 |
Set skip scan? | Option to skip IP scanning for a used IP in SolarWinds |
IPAM comment field | Set the comment field in SolarWinds IPAM |
Database Credentials | |
Create credential? | Select Yes to create a new credential. Select No to choose from existing credentials |
Credential | *Only shown when 'Create credential' is No. Select the appropriate credential from an existing list of credentials |
Credential configuration label | *Only shown when 'Create credential' is Yes. *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique credential name |
Username | *Only shown when 'Create credential' is Yes. Username |
Password | *Only shown when 'Create credential' is Yes. User's password |
- On the Catalog page, click on the Request button for: Add IPAM Profile
IPAM Profile
An IPAM profile defines necessary IPAM information
Field | Value |
---|---|
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique label name |
Description | *Optional - Description of IPAM profile |
IPAM type | Select Solarwinds |
Provider host | Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added a SolarWinds Database Endpoint. Select the desired SolarWinds Database Endpoint |
Subnets, Gateways and Network names | Subnet: X.x.x.x/CIDR. Gateway: X.x.x.x. NetworkName: Utilize the SovLabs Template Engine. 1. Type in a subnet and its gateway and network name (all comma separated) into the input field (e.g. 10.0.0.0/24, 10.0.0.1, networkName). 2. Click the green to add the entry into the array. 3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered |
Excluded IPs | Enter all IPs to be excluded (e.g. 10.0.0.1) |
NIC number | Enter in a NIC number (0-9) for this IPAM profile |
Primary DNS | Input the Primary DNS |
Secondary DNS | Input the Secondary DNS |
DNS suffix | Input the DNS suffix |
DNS search suffix | Input the DNS search suffix(es) (comma separated) |
Primary WINS | Input the Primary WINS |
Secondary WINS | Input the Secondary WINS |
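Added example (not SovLabs code): a pre-flight check, in Python, of the values typed into the IPAM Profile form above; the same fields appear in the BlueCat, Infoblox, Microsoft and SolarWinds IPAM sections. The function names and sample values are hypothetical, and the gateway, overlap and exclusion checks are assumptions about what a sound profile looks like, not rules the plugin is documented to enforce.

```python
import ipaddress
import re

# Label rule from the form: alphanumerics plus "-" and "_", no spaces.
LABEL_RE = re.compile(r"[A-Za-z0-9_-]+")


def parse_subnet_entry(entry):
    """Split one 'subnet, gateway, networkName' entry into typed parts.

    Only the first two commas separate fields, so a network name built
    with the template engine may itself contain commas.
    """
    parts = [p.strip() for p in entry.split(",", 2)]
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected 'subnet, gateway, networkName'")
    subnet = ipaddress.ip_network(parts[0], strict=True)  # rejects host bits
    gateway = ipaddress.ip_address(parts[1])
    return subnet, gateway, parts[2]


def validate_profile(label, subnet_entries, excluded_ips, nic_number):
    """Return a list of problems; an empty list means nothing was found."""
    problems = []
    if not LABEL_RE.fullmatch(label):
        problems.append(f"label {label!r}: only alphanumerics, '-' and '_'")
    if not (isinstance(nic_number, int) and 0 <= nic_number <= 9):
        problems.append(f"NIC number {nic_number!r}: must be 0-9")

    subnets = []
    for entry in subnet_entries:
        try:
            subnet, gateway, _name = parse_subnet_entry(entry)
        except ValueError as exc:
            problems.append(f"entry {entry!r}: {exc}")
            continue
        if gateway not in subnet:
            problems.append(f"gateway {gateway} is outside {subnet}")
        elif subnet.num_addresses > 2 and gateway in (
            subnet.network_address,
            subnet.broadcast_address,
        ):
            problems.append(f"gateway {gateway} is not a host address in {subnet}")
        # Assumption: two entries in one profile should never cover the same
        # addresses, since that allows the same IP to be handed out twice.
        for other in subnets:
            if subnet.overlaps(other):
                problems.append(f"{subnet} overlaps {other}")
        subnets.append(subnet)

    for raw in excluded_ips:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            problems.append(f"excluded IP {raw!r} is not an IP address")
            continue
        # An exclusion outside every subnet protects nothing; usually a typo.
        if not any(ip in s for s in subnets):
            problems.append(f"excluded IP {ip} is not in any profile subnet")
    return problems


# Constructed sample input; the first entry is the example shown in the form.
SAMPLE_ENTRIES = [
    "10.0.0.0/24, 10.0.0.1, networkName",
    "10.0.0.128/25, 10.0.0.129, dmz-net",  # overlaps the first entry
    "10.0.1.0/24, 10.0.2.1, app-net",      # gateway outside its subnet
]

if __name__ == "__main__":
    for problem in validate_profile("prod ipam", SAMPLE_ENTRIES, ["10.0.3.7"], 12):
        print("PROBLEM:", problem)
```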
Usage
- Login to the vRA tenant
- Click on the Infrastructure tab > Reservations > Network Profiles
- Hover over the network profile that best matches the network for this IPAM and click Edit
- On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
- Click OK
- Click on the Reservation menu item from Infrastructure tab > Reservations
- Hover over the reservation in association with the network profile from Step 3 and click Edit
- Click on the Network tab
- Uncheck all network paths
- Clear all the Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
- Click OK
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Check the SovLabs-EnableLifecycleStubs property group
- Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#). Do not attach more than 1 IPAM property group to a blueprint
- Click OK
- Repeat Step 7 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
- Uncheck the IPAM property group: (starts with SovLabs-IPAM- and ends with -nic#)
- Click OK
- Repeat Step 3 for all desired blueprints
Multi-Cloud Docker Container Mgmt with Nirmata
While containers have been around a long time, recent innovations from Docker, Inc. and their ecosystem are driving mass adoption.
Containers provide standards based packaging and runtime management for application components. Containers are fast to deploy and make efficient use of system resources. Developers get application portability and programmable image management, while the operations team gets standard runtime units for deployment and management.
All of the above equals agility, speed and potential cost savings around public cloud deployments.
The SovLabs Multi-Cloud Docker Container Management Module, powered by Nirmata, gives both IT and Development teams self-service deployment capabilities for their containerized apps, directly from the vRealize Automation catalog. It’s never been easier to deliver and manage containerized applications across public and private clouds, and connected devices.
Quick start process
- Define Nirmata endpoint(s)
- Define Nirmata Agent configuration(s)
- Optionally, bootstrap configurations for container hosts deployed from vRA
- Apply to existing blueprint
- Provision to deploy apps or container hosts!
Features
- Flexibly deploy containerized applications across multiple supported private and public cloud platforms, including: Azure, AWS, Google, Cisco Intercloud/Metapod, Digital Ocean, vSphere, vCloud Air, OpenStack
- Additional support for other public, private and bare metal (physical) servers utilizing the “Other Cloud Providers” type
- Provision/De-provision container hosts directly from vRA for vRA supported IaaS blueprints (e.g. vSphere, AWS, etc.)
- Directly manage scale-up or scale-down of cloud instances from a single request, instantly adjusting existing cluster size of host groups of supported provider types
- The Nirmata Cloud Service includes several capabilities including rich application blueprints, granular policies, flexible deployments, auto scaling & recovery, continuous delivery, service discovery, load balancing, integrated monitoring, real-time analytics
- Single request deployment from vRA: pick the app, provider/host group and deploy instantly!
- Get started with Nirmata quickly: nothing to deploy, install or upgrade. On-board your cloud resources and start deploying your applications in minutes!
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
Prerequisites
- Nirmata is properly configured
- Have an account with Nirmata
- Set up Host Groups and Environments in Nirmata
- Set up any applications to be deployed from Nirmata
- Login to the vRA tenant
- Add license for Multi-cloud Docker Container Management with Nirmata module
- Validate the following show up on the Catalog page:
- Add Nirmata Endpoint
- Add Nirmata Agent
- Deploy Nirmata app environment
- Destroy Nirmata app environment
- Update Nirmata host group
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add Nirmata Endpoint
Nirmata Endpoint
A Nirmata Endpoint is a target Nirmata server
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Host URL URL to Nirmata host Create Authorization? Select
No
to choose from existing authorizationsSelect
Yes
to create a new authorizationAuthentication *Only shown when 'Create Authorization' is No
Select the appropriate authentication from an existing list of authentications
Authentication configuration label *Only shown when 'Create Authenticaiton' is Yes
Unique name for authentication.
*Only AlphaNumeric characters, no special characters nor spaces except:-
and_
Username *Only shown when 'Create Authorization' is Yes
Username
Password *Only shown when 'Create Authorization' is Yes
User's password
- On the Catalog page, click on the Request button for: Add Nirmata Agent
Add Nirmata Agent
A Nirmata Agent is ...
Field | Value |
---|---|
Configuration label *Only AlphaNumeric characters, no spaces or special characters except: - and _ | Unique label name |
Nirmata endpoint | Select the desired Nirmata endpoint |
Host group | Auto-populated based on the Nirmata endpoint selected. Select the desired host group |
Install script | Modify the install script as necessary |
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
  - Check the SovLabs-EnableLifecycleStubs property group
  - Check the appropriate Multi-Cloud Docker Container Management with Nirmata property group (starts with SovLabs-Nirmata-)
    Do not attach more than 1 Multi-Cloud Docker Container Management with Nirmata property group to a blueprint
- Click OK
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
  - Uncheck the Multi-Cloud Docker Container Management with Nirmata property group: (starts with SovLabs-Nirmata-)
- Click OK
- Repeat Step 3 for all desired blueprints
Puppet Enterprise
The SovLabs Puppet Enterprise Module increases IT agility and speed of delivery for systems and applications by combining SovLabs Module Framework with Puppet’s advanced configuration management and vRealize Automation’s provisioning and lifecycle management capabilities.
Quick start process
- Define Puppet Master(s)
- Define Puppet Agent configuration(s)
- Apply to existing blueprint
- Provision!
Features
- Supports node classification for Hiera, Manifest files and Puppet Enterprise Console
- Creates node in the Puppet Enterprise Console and assigns node to class(es) and group(s)
- Installs Puppet Agent, configures puppet.conf, creates Hiera data and local Facter facts, if desired
- Supports Hiera-Eyaml for automatic encryption of sensitive data such as passwords and certificates
- Supports certificate signing/cleaning or Puppet auto-sign scenarios
- Eases portability between private and public cloud scenarios: agentless, OS native protocols
- Supports code manager, r10k and custom deployment/code promotion scenarios and pre/post activities via inline command definitions
- Ties in existing custom vRO workflow content via workflow hooks
- Supports simple or distributed Puppet implementations
- Supports creation of multiple Puppet Master and Puppet Agent configurations as needed
- Delivers dozens to thousands of Puppet deployment scenarios with minimal overhead via dynamic template configurations and vRA property injection, avoiding Blueprint sprawl
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
Prerequisites
- Create Puppet Certificate and Update Puppet Console configuration
Create the certificate on the Puppet CA that will be used for communication with the Puppet Console API and the Puppet CA API. This is the certificate that will be configured in your Puppet Master module for certificate authentication from the CMP to the Puppet console. In order for the Puppet console API to accept the certificate, the configurations below need to be made.
Perform the following for each Puppet CA utilized
Puppet Enterprise v3.8.1
In the following instructions, replace CERTNAME with the name you wish to identify the automation account with, we recommend vrosvc
- Login to the Puppet CA
- Type in: su -
- Create a certificate key: puppet cert generate CERTNAME
- Modify the certificate_authority.pp:
  - Type in: vi /opt/puppet/share/puppet/modules/puppet_enterprise/manifests/profile/certificate_authority.pp
  - Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
      class puppet_enterprise::profile::certificate_authority (
        Array[String] $client_whitelist = [ CERTNAME ]
      )
  - Save the file: Hit the esc key and then type in :wq!
- Modify auth.conf:
  - Type in: vi /etc/puppetlabs/puppet/auth.conf
  - Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
      path /certificate_status
      method find, save, search
      auth yes
      allow CERTNAME
  - Save the file: Hit the esc key and then type in :wq!
- Modify the rbac-certificate-whitelist:
  - Type in: vi /etc/puppetlabs/console-services/rbac-certificate-whitelist
  - Add CERTNAME to the end of the file
  - Save the file: Hit the esc key and then type in :wq!
- Restart necessary services by typing in: puppet agent -t
Puppet Enterprise v4.x+
In the following instructions, replace CERTNAME with the name you wish to identify the automation account with, we recommend vrosvc
- Login to the Puppet CA
- Type in: su -
- Create a certificate key: puppet cert generate CERTNAME
- Modify the certificate_authority.pp:
  - Type in: vi /opt/puppetlabs/puppet/modules/puppet_enterprise/manifests/profile/certificate_authority.pp
  - Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
      class puppet_enterprise::profile::certificate_authority (
        Array[String] $client_whitelist = [ CERTNAME ]
      )
  - Save the file: Hit the esc key and then type in :wq!
- Modify auth.conf:
  - Type in: vi /etc/puppetlabs/puppetserver/conf.d/auth.conf
  - Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
      {
        "allow" : [ "pe-internal-dashboard", CERTNAME ],
        "match-request" : {
          "method" : [ "get", "put", "delete" ],
          "path" : "/puppet-ca/v1/certificate_status",
          "query-params" : {},
          "type" : "path"
        },
        "name" : "puppetlabs certificate status",
        "sort-order" : 500
      }
  - Save the file: Hit the esc key and then type in :wq!
- Modify the rbac-certificate-whitelist:
  - Type in: vi /etc/puppetlabs/console-services/rbac-certificate-whitelist
  - Add CERTNAME to the end of the file
  - Save the file: Hit the esc key and then type in :wq!
- Restart necessary services by typing in: sudo service pe-console-services restart
- Setup or have a user for the Puppet Master, Puppet CA and Puppet database:
  - root with SSH keys
  - root with password
  - Service account with sudo permissions
- Collect the appropriate keys from the Puppet Master:
  Replace CERTNAME with the name identified in Step 1 (e.g. vrosvc)
Type | Location |
---|---|
CA Certificate | /etc/puppetlabs/puppet/ssl/ca/ca_crt |
Service Account Certificate | /etc/puppetlabs/puppet/ssl/certs/CERTNAME |
Service Account Private Key | /etc/puppetlabs/puppet/ssl/private_keys/CERTNAME |
- If any Puppet Agents are Windows OS:
- Set up WinRM on a vRA blueprint
- Ensure NTP is set up correctly
- Login to the vRA tenant
- Add license for Puppet Enterprise module
- Validate the following show up on the Catalog page:
- Add Puppet Master Configuration
- Add Puppet Agent Configuration
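The rbac-certificate-whitelist edit and the private key collection from the prerequisites above, as an added shell example (not SovLabs or Puppet code). It appends CERTNAME only when it is not already present as a whole line and checks that a collected private key is not readable by group or other. The function names, the one-certname-per-line layout and the allowed-character policy are assumptions, and the demo files are constructed.

```shell
#!/bin/sh
# Added example, not SovLabs or Puppet code. Function names are hypothetical.
# Assumes the whitelist holds one certname per line.

# valid_certname NAME: accept only letters, digits, dot, dash and underscore
# (an assumed local policy) so the value cannot carry whitespace or globs.
valid_certname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# whitelist_has FILE NAME: true only when NAME is a complete line, so
# "vrosvc" does not match an existing "vrosvc2".
whitelist_has() {
    grep -Fxq -e "$2" "$1" 2>/dev/null
}

# whitelist_add FILE NAME: append NAME once; prints added, present or invalid.
whitelist_add() {
    if ! valid_certname "$2"; then
        echo invalid
        return 2
    fi
    if whitelist_has "$1" "$2"; then
        echo present
        return 0
    fi
    # A file whose last line lacks a newline would otherwise be merged
    # with the new entry ("vrosvc2vrosvc").
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        printf '\n' >> "$1"
    fi
    printf '%s\n' "$2" >> "$1"
    echo added
}

# key_mode_ok FILE: true when group and other have no permission bits on
# the collected private key; returns 2 when the file is missing.
key_mode_ok() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on constructed files in a temporary directory (nothing under
# /etc/puppetlabs is touched).
demo() {
    d=$(mktemp -d) || return 1
    printf 'pe-internal-dashboard\nvrosvc2' > "$d/rbac-certificate-whitelist"
    whitelist_add "$d/rbac-certificate-whitelist" vrosvc   # added
    whitelist_add "$d/rbac-certificate-whitelist" vrosvc   # present
    : > "$d/vrosvc.key"
    chmod 644 "$d/vrosvc.key"
    key_mode_ok "$d/vrosvc.key" || echo "private key is readable by group/other"
    chmod 600 "$d/vrosvc.key"
    key_mode_ok "$d/vrosvc.key" && echo "private key mode ok"
    rm -rf "$d"
}
demo
```

Running the add step twice leaves a single entry, which keeps repeated prerequisite runs from growing the list of certificates trusted by the console.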
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add Puppet Master Configuration
Puppet Master Configuration
A Puppet Master Configuration is a target Puppet Master
Field | Value |
---|---|
General | |
Configuration label *Only AlphaNumeric characters, no spaces or special characters except: - and _ | Unique label name |
Puppet Master version | Select the Puppet Master version |
Puppet Master connection configuration | |
Puppet Master OS Family | Currently, only allows for unix |
Puppet Master Hostname | Hostname of Puppet Master in FQDN format |
Puppet pe-puppetserver port | Port pe-puppetserver listens on, defaults to 8140 |
Directory for temporary scripts | Directory to put temporary scripts on the Puppet Master |
Connection method | Currently, only allows for SSH |
SSH Key used? | Select Yes to use an SSH key |
Username | Username that has root/sudo permissions to the Puppet Master |
Password *Only shown when 'SSH key used' is No | User's password |
SSH Key *Only shown when 'SSH key used' is Yes | SSH Key |
SSH Key password protected? *Only shown when 'SSH key used' is Yes | Select 'Yes' if the SSH key is password protected |
SSH Key Password *Only shown when 'SSH key used' and 'SSH key password protected' are Yes | SSH Key password |
Console configuration | |
Console Hostname | Puppet Console server in FQDN format |
Console Port | Port the Puppet Console listens on, defaults to 4433 |
Console OS Family | Currently only allows for unix |
Directory for temporary scripts | Directory to put temporary scripts on the Console |
Connection method | Currently only allows for SSH |
SSH Key used? | Select Yes to use an SSH key |
Username | Username that has admin permissions to the Puppet Console |
Password *Only shown when 'SSH key used' is No | User's password |
SSH Key *Only shown when 'SSH key used' is Yes | SSH Key |
SSH Key password protected? *Only shown when 'SSH key used' is Yes | Select 'Yes' if the SSH key is password protected |
SSH Key Password *Only shown when 'SSH key used' and 'SSH key password protected' are Yes | SSH Key password |
Compile Masters | |
Use separate Compile Masters? | Select Yes to define Compile Masters |
Compile Masters Hostnames *Only shown when 'Use separate Compile Masters' is Yes | Input the Compile Master(s) in FQDN format |
Compile Masters OS Family *Only shown when 'Use separate Compile Masters' is Yes | Currently only allows for unix |
Directory for temporary scripts *Only shown when 'Use separate Compile Masters' is Yes | Directory to put temporary scripts on the Compile Masters |
Connection method *Only shown when 'Use separate Compile Masters' is Yes | Currently only allows for SSH |
SSH Key used? | Select Yes to use an SSH key |
Username | Username that has root or sudo permissions to the Compile Master(s) |
Password *Only shown when 'SSH key used' is No | User's password |
SSH Key *Only shown when 'SSH key used' is Yes | SSH Key |
SSH Key password protected? *Only shown when 'SSH key used' is Yes | Select 'Yes' if the SSH key is password protected |
SSH Key Password *Only shown when 'SSH key used' and 'SSH key password protected' are Yes | SSH Key password |
Database configuration | |
Use separate database? | Select Yes to define database |
Database hostname *Only shown when 'Use separate database' is Yes | Database hostname in FQDN format |
Database OS Family *Only shown when 'Use separate database' is Yes | Currently only allows for unix |
Directory for temporary scripts *Only shown when 'Use separate database' is Yes | Directory to put temporary scripts on the database |
Connection method *Only shown when 'Use separate database' is Yes | Currently only allows for SSH |
SSH Key used? | Select Yes to use an SSH key |
Username | Username that has root or sudo permissions to the Puppet database |
Password *Only shown when 'SSH key used' is No | User's password |
SSH Key *Only shown when 'SSH key used' is Yes | SSH Key |
SSH Key password protected? *Only shown when 'SSH key used' is Yes | Select 'Yes' if the SSH key is password protected |
SSH Key Password *Only shown when 'SSH key used' and 'SSH key password protected' are Yes | SSH Key password |
Group configuration | |
Parent Group | Any existing group in the Puppet console that will be the parent for all newly created node groups to be created under. Can be templated: SovLabs Template Engine |
Parent Group Environment | The parent group environment. Can be templated: SovLabs Template Engine |
Group name template | Template for the group name. Can be templated: SovLabs Template Engine |
Certificate PEM files | |
API Certificate | Puppet API Certificate PEM file. Puppet Master: /etc/puppetlabs/puppet/ssl/certs/CERTNAME |
API RSA Private Key | Puppet API RSA Private Key PEM file. Puppet Master: /etc/puppetlabs/puppet/ssl/private_keys/CERTNAME |
API CA Certificate | Puppet Master: /etc/puppetlabs/puppet/ssl/ca/ca_crt |
Certificate Authority | |
Is auto-sign enabled in Puppet? | Is autosign enabled in Puppet? If 'Yes', skips signing the certificate |
Certificate Authority Hostname | Puppet Certificate Authority Hostname (FQDN) |
Certificate Authority Port | Port the Puppet Certificate Authority listens on, defaults to 8140 |
API CA Certificate | Puppet API Certificate Authority Certificate |
Hiera node data configuration | |
Create hiera node data? | Select 'Yes' to create hiera node data |
Hiera node data format *Only shown when Create hiera node data is 'Yes' | Hiera node data format |
Hiera node data filename *Only shown when Create hiera node data is 'Yes' | Filename for hiera node data. Can be templated: SovLabs Template Engine |
Hiera node data template *Only shown when Create hiera node data is 'Yes' | Hiera data template. Can be templated: SovLabs Template Engine |
Hiera eyaml Public Key *Only shown when Hiera node data format is eyaml | Hiera eyaml public key |
Additional configuration *Only shown when Create hiera node data is 'Yes' | |
Hiera on Puppet Master server? | Select 'No' if the hiera server is on a different server from the Puppet Master |
Hiera Hostname *Only shown when Hiera on Puppet Master server is 'No' | Hiera Hostname (FQDN) |
Hiera OS Family *Only shown when Hiera on Puppet Master server is 'No' | Hiera OS type |
Directory for temporary scripts *Only shown when Hiera on Puppet Master server is 'No' | Directory to put temporary scripts on the Hiera server |
Hiera connection method *Only shown when Hiera on Puppet Master server is 'No' | Select the connection method |
Hiera Username *Only shown when Hiera on Puppet Master server is 'No' | Username (UPN format) that has permissions to the Hiera server |
Hiera SSH Key used? *Only shown when Hiera Connection Method is SSH or WinSSHD | Select 'Yes' to use an SSH key |
Hiera Password *Only shown when Hiera Connection Method is winrm or Hiera SSH Key used is 'No' | Username's password |
Hiera SSH Key *Only shown when SSH key used is 'Yes' | SSH Key |
Hiera SSH Key password protected? *Only shown when SSH key used is 'Yes' | Select 'Yes' if the SSH key is password protected |
Hiera SSH Key Password *Only shown when SSH key used is 'Yes' and SSH key password protected is 'Yes' | SSH Key password |
*Entire section is only shown when Create hiera node data is 'Yes' | |
Hiera pre-create script | |
Hiera pre-create script | Script to execute prior to creating the hiera node data. Can be templated: SovLabs Template Engine |
Hiera pre-create script arguments | Script arguments, if any |
Hiera pre-create script interpreter | Script interpreter, e.g. /bin/bash |
Compile Masters Hiera pre-create script *Only shown when Use separate Compile Masters is 'Yes' | Script to execute prior to creating the hiera node data on the Compile Masters. Can be templated: SovLabs Template Engine |
Compile Masters Hiera pre-create script arguments *Only shown when Use separate Compile Masters is 'Yes' | Script arguments, if any |
Compile Masters Hiera pre-create script interpreter *Only shown when Use separate Compile Masters is 'Yes' | Script interpreter, e.g. /bin/bash |
Hiera post-create script | |
Hiera post-create script | Script to execute after creating the hiera node data. Can be templated: SovLabs Template Engine |
Hiera post-create script arguments | Script arguments, if any |
Hiera post-create script interpreter | Script interpreter, e.g. /bin/bash |
Compile Masters Hiera post-create script *Only shown when Use separate Compile Masters is 'Yes' | Script to execute after creating the hiera node data on the Compile Masters. Can be templated: SovLabs Template Engine |
Compile Masters Hiera post-create script arguments *Only shown when Use separate Compile Masters is 'Yes' | Script arguments, if any |
Compile Masters Hiera post-create script interpreter *Only shown when Use separate Compile Masters is 'Yes' | Script interpreter, e.g. /bin/bash |
Hiera pre-delete script | |
Hiera pre-delete script | Script to execute prior to deleting the hiera node data. Can be templated: SovLabs Template Engine |
Hiera pre-delete script arguments | Script arguments, if any |
Hiera pre-delete script interpreter | Script interpreter, e.g. /bin/bash |
Compile Masters Hiera pre-delete script *Only shown when Use separate Compile Masters is 'Yes' | Script to execute prior to deleting the hiera node data on the Compile Masters. Can be templated: SovLabs Template Engine |
Compile Masters Hiera pre-delete script arguments *Only shown when Use separate Compile Masters is 'Yes' | Script arguments, if any |
Compile Masters Hiera pre-delete script interpreter *Only shown when Use separate Compile Masters is 'Yes' | Script interpreter, e.g. /bin/bash |
Hiera post-delete script | |
Hiera post-delete script | Script to execute after deleting the hiera node data. Can be templated: SovLabs Template Engine |
Hiera post-delete script arguments | Script arguments, if any |
Hiera post-delete script interpreter | Script interpreter, e.g. /bin/bash |
Compile Masters Hiera post-delete script *Only shown when Use separate Compile Masters is 'Yes' | Script to execute after deleting the hiera node data on the Compile Masters. Can be templated: SovLabs Template Engine |
Compile Masters Hiera post-delete script arguments *Only shown when Use separate Compile Masters is 'Yes' | Script arguments, if any |
Compile Masters Hiera post-delete script interpreter *Only shown when Use separate Compile Masters is 'Yes' | Script interpreter, e.g. /bin/bash |
Purge node script | Script to purge the node. Can be templated: SovLabs Template Engine |
Purge node script arguments | Script arguments, if any |
Purge node script interpreter | Script interpreter, e.g. /bin/bash |
Compile Masters *Only shown when Use separate Compile Masters is 'Yes' | |
Compile Masters Purge node script | Script to purge the node. Can be templated: SovLabs Template Engine |
Compile Masters Purge node script arguments | Script arguments, if any |
Compile Masters Purge node script interpreter | Script interpreter, e.g. /bin/bash |
Console | |
Purge node console script | Script to purge the node. Can be templated: SovLabs Template Engine |
Purge node console script arguments | Script arguments, if any |
Purge node console script interpreter | Script interpreter, e.g. /bin/bash |
Database *Only shown when Use separate database is 'Yes' | |
Purge node database script | Script to purge the node. Can be templated: SovLabs Template Engine |
Purge node database script arguments | Script arguments, if any |
Purge node database script interpreter | Script interpreter, e.g. /bin/bash |
- On the Catalog page, click on the Request button for: Add Puppet Agent Configuration
Puppet Agent Configuration
A Puppet Agent configuration defines the Puppet Agent settings
Field | Value |
---|---|
Configuration label *Only AlphaNumeric characters, no spaces or special characters except: - and _ | Unique label name |
Puppet version | Select the Puppet Agent version |
Puppet environment | Provisioned node environment. Can be templated: SovLabs Template Engine |
OS Family for provisioned nodes | unix or windows |
Directory for temporary scripts | Directory to put temporary scripts on the provisioned node |
puppet.conf configuration | |
puppet.conf file content | Contents of puppet.conf file - if left blank, the puppet.conf will not be updated on the provisioned node. Can be templated: SovLabs Template Engine |
puppet.conf filename | Can be templated: SovLabs Template Engine |
Connection configuration | |
Connection method | SSH for unix; cygwinssh, winrm or WinSSHD for Windows |
Username | Username (UPN format) that has permissions to login to the provisioned node |
SSH Key used? Only shown when connection method is SSH or WinSSHD | Select 'Yes' to use an SSH key |
Password Only shown when SSH key used is No | Username's password |
SSH Key Only shown when SSH key used is Yes | SSH Key |
SSH Key password protected? Only shown when SSH key used is Yes | Select Yes if the SSH key is password protected |
SSH Key Password Only shown when SSH key used is Yes and SSH key password protected is Yes | SSH Key password |
Facter files | |
Facter facts template | Template of the facter facts. Warning: Facter facts file contents does not support encryption. Can be templated: SovLabs Template Engine |
Facter facts format | Format for the Facter facts file |
Facter facts filename | Can be templated: SovLabs Template Engine |
Classes | |
Classes | Add existing classes in Puppet Console for provisioned node to join. Can be templated: SovLabs Template Engine. Examples: { "sudo": {} } (no parameters); { "sudo": {"param1": "val1", "param2": "val2"} } (with 2 parameters); { "sudo": {}, "apache": {} } (no parameters); { "sudo": {"param1": "val1", "param2": "val2"}, "apache": {"param1": "val1", "param2": "val2"} } (with 2 parameters) |
Custom group name | When classes are defined, creates a custom group with this specified name. Can be templated: SovLabs Template Engine |
Groups | |
Groups | Add existing groups in Puppet Console for provisioned node to join. Can be templated: SovLabs Template Engine |
Installer file(s) | |
Source Installer file | Define source installer file (for Windows Puppet Agent) |
Destination Installer file | Define destination installer file (for Windows Puppet Agent) |
Install Puppet on a node script | |
Install script | Script to install Puppet on a node - if left blank, expects Puppet to already be installed. Can be templated: SovLabs Template Engine |
Install script arguments | Script arguments, if any. Can be templated: SovLabs Template Engine |
Install script interpreter | Script interpreter, e.g. /bin/bash. For Windows, only powershell and bat are valid interpreters |
Max retry attempt to Run Puppet | Maximum number of attempts to retry Run Puppet |
Ignore final Run Puppet errors? | If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue - useful in initial development of new Puppet content |
Run Puppet Script | |
Run Puppet script | Script to execute after creating the hiera node data. Can be templated: SovLabs Template Engine |
Run Puppet script arguments | Script arguments, if any. Can be templated: SovLabs Template Engine |
Run Puppet script interpreter | Script interpreter, e.g. /bin/bash. For Windows, only powershell and bat are valid interpreters |
Run Puppet script validation | |
Run Puppet script success exit codes | Success exit codes. List multiple exit codes comma separated |
Run Puppet script success exit RegExp | Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any |
Run Puppet script validation prior to certificate being signed | |
Pre-certificate success exit codes | Success exit codes. List multiple exit codes comma separated |
Pre-certificate success exit RegExp | Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any |
Final Run Puppet script validation | |
Final Puppet Run script success exit codes | Success exit codes. List multiple exit codes comma separated |
Final Puppet Run script success exit RegExp | Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any |
Post script | Script to execute after the final Puppet Run. Can be templated: SovLabs Template Engine |
Post script arguments | Script arguments, if any |
Post script interpreter | Script interpreter, e.g. /bin/bash. For Windows, only powershell and bat are valid interpreters |
Post script validation | |
Post script success exit codes | Success exit codes. List multiple exit codes comma separated |
Post script success exit RegExp | Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any |
Pre-Puppet Remove script | Script to run prior to removing Puppet from node. Can be templated: SovLabs Template Engine |
Pre-Puppet Remove script arguments | Script arguments, if any |
Pre-Puppet Remove script interpreter | Script interpreter, e.g. /bin/bash. For Windows, only powershell and bat are valid interpreters |
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
  - Check the SovLabs-EnableLifecycleStubs property group
  - Check the Puppet Enterprise property groups:
    - Puppet Master: starts with SovLabs-PuppetMaster-
    - Puppet Agent: starts with SovLabs-PuppetAgent
    Do not attach more than 1 set of Puppet Master/Puppet Agent property groups to a blueprint
- Click OK
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
  - Uncheck the Puppet Enterprise property groups:
    - Puppet Master: starts with SovLabs-PuppetMaster-
    - Puppet Agent: starts with SovLabs-PuppetAgent
- Click OK
- Repeat Step 3 for all desired blueprints
Puppet Open Source with Foreman
The SovLabs Puppet Open Source with Foreman Module increases IT agility and speed of delivery for systems and applications by combining SovLabs Module Framework with Puppet’s advanced configuration management together with the option to utilize Foreman for the Dashboard and Node Classifier.
Quick start process
- Define Puppet Open Source with Foreman Master(s)
- Define Puppet Open Source with Foreman Agent configuration(s)
- Apply to existing blueprint
- Provision!
Features
- Supports node classification for Hiera, Manifest files and Foreman
- Optionally creates node in Foreman and assigns node to an existing group
- Supports multiple versions of Puppet Open Source and Foreman
- Installs Puppet Agent, configures puppet.conf, creates Hiera data and local Facter facts, if desired
- Supports certificate signing/cleaning or Puppet auto-sign scenarios
- Eases portability between private and public cloud scenarios: agentless, OS native protocols
- Supports custom deployment/code promotion scenarios and pre/post activities via inline command definitions
- Ties in existing custom vRO workflow content via workflow hooks
- Supports simple or distributed Puppet implementations
- Supports creation of multiple Foreman, Puppet Master and Puppet Agent configurations as needed
- Delivers dozens to thousands of Puppet deployment scenarios with minimal overhead via dynamic template configurations and vRA property injection, avoiding Blueprint sprawl
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
Prerequisites
- Create Puppet Certificate and Update Puppet Console configuration
Create the certificate on the Puppet CA that will be used for communication with the Foreman API and the Puppet CA API.
Perform the following for each Puppet CA utilized
Puppet Open Source v3.8.x
In the following instructions, replace CERTNAME with the name you wish to identify the automation account with, we recommend vrosvc
- Login to the Puppet CA
- Type in: su -
- Create a certificate key: puppet cert generate CERTNAME
- Modify auth.conf:
  - Type in: vi /etc/puppet/auth.conf
  - Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
      path /certificate_status
      method find, save, search
      auth yes
      allow CERTNAME
  - Save the file: Hit the esc key and then type in :wq!
- Restart necessary services by typing in: service puppet restart
- Setup or have a user for the Puppet Master, Puppet CA and Puppet database:
  - root with SSH keys
  - root with password
  - Service account with sudo permissions
- Collect the appropriate keys from the Puppet Master:
  Replace CERTNAME with the name identified in Step 1 (e.g. vrosvc)
Type | Location |
---|---|
CA Certificate | /var/lib/puppet/ssl/ca/ca_crt.pem |
Service Account Certificate | /var/lib/puppet/ssl/certs/CERTNAME.pem |
Service Account Private Key | /var/lib/puppet/ssl/private_keys/CERTNAME.pem |
- If any Puppet Agents are Windows OS:
- Set up WinRM on a vRA blueprint
- Ensure NTP is set up correctly
- Login to the vRA tenant
- Add license for Puppet Open Source with Foreman module
- Validate the following show up on the Catalog page:
- Add Foreman Master Configuration
- Add Foreman Agent Configuration
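The `path /certificate_status` stanza that the Puppet Enterprise v3.8.1 and Puppet Open Source v3.8.x prerequisites add to auth.conf decides which certificates may sign and revoke node certificates. This added shell example (not SovLabs or Puppet code) lists the names allowed in that stanza and reports any that are not on an approved list. The function names are hypothetical, the sample file is constructed, and reporting every wildcard entry is an assumed review policy.

```shell
#!/bin/sh
# Added example, not SovLabs or Puppet code. Function names are hypothetical.

# sample_auth_conf: constructed legacy (Puppet 3.x style) auth.conf content.
sample_auth_conf() {
    cat <<'EOF'
# constructed sample, not taken from a real server
path /certificate_revocation_list/ca
method find
allow *

path /certificate_status
method find, save, search
auth yes
allow pe-internal-dashboard, vrosvc
allow *.example.test

path /
auth any
EOF
}

# certstatus_allowed FILE: print every name granted by an "allow" line
# inside the "path /certificate_status" stanza, one per line.
certstatus_allowed() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "path" { inside = ($2 == "/certificate_status"); next }
        inside && $1 == "allow" {
            sub(/^[ \t]*allow[ \t]+/, "")
            n = split($0, names, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", names[i])
                if (names[i] != "") print names[i]
            }
        }
    ' "$1"
}

# certstatus_unexpected FILE APPROVED...: print the entries that are not in
# the approved list. Wildcard entries are always printed (assumed policy).
# Returns 1 when anything is printed, 0 otherwise.
certstatus_unexpected() {
    file=$1
    shift
    certstatus_allowed "$file" | (
        rc=0
        while IFS= read -r entry; do
            ok=no
            case "$entry" in
                *'*'*) ;;
                *)
                    for want in "$@"; do
                        if [ "$entry" = "$want" ]; then ok=yes; fi
                    done
                    ;;
            esac
            if [ "$ok" = no ]; then
                printf '%s\n' "$entry"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Demo on the constructed sample: prints the one entry that needs review.
d=$(mktemp -d) && sample_auth_conf > "$d/auth.conf" && {
    certstatus_unexpected "$d/auth.conf" pe-internal-dashboard vrosvc ||
        echo "review the entries listed above"
}
rm -rf "$d"
```

The `allow *` line under `/certificate_revocation_list/ca` in the sample is ignored because only the certificate_status stanza is inspected.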
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add Foreman Master Configuration
Foreman Master Configuration
A Foreman Master Configuration is a target Foreman Master
Field | Value |
---|---|
General | |
Configuration label *Only AlphaNumeric characters, no spaces or special characters except: - and _ | Unique label name |
Puppet Open Source with Foreman version | Select the Puppet Open Source with Foreman version |
Foreman configuration | |
Foreman Hostname | Foreman hostname in FQDN format |
Foreman Port | Port for Foreman, defaults to 443 |
Username | Foreman username with admin permissions |
Password | User's password |
Puppet Master connection configuration | |
Puppet Master OS Family | Currently, only allows for unix |
Puppet Master Hostname | Hostname of Puppet Master in FQDN format |
Puppet pe-puppetserver port | Port pe-puppetserver listens on, defaults to 8140 |
Directory for temporary scripts | Directory to put temporary scripts on the Puppet Master |
Connection method | Currently, only allows for SSH |
SSH Key used? | Select Yes to use an SSH key |
Username | Username that has root/sudo permissions to the Puppet Master |
Password *Only shown when 'SSH key used' is No | User's password |
SSH Key *Only shown when 'SSH key used' is Yes | SSH Key |
SSH Key password protected? *Only shown when 'SSH key used' is Yes | Select 'Yes' if the SSH key is password protected |
SSH Key Password *Only shown when 'SSH key used' and 'SSH key password protected' are Yes | SSH Key password |
Compile Masters Hostnames *Only shown when 'Use separate Compile Masters' is Yes | Input the Compile Master(s) in FQDN format |
Compile Masters OS Family *Only shown when 'Use separate Compile Masters' is Yes | Currently only allows for unix |
Directory for temporary scripts *Only shown when 'Use separate Compile Masters' is Yes | Directory to put temporary scripts on the Compile Masters |
Connection method *Only shown when 'Use separate Compile Masters' is Yes | Currently only allows for SSH |
SSH Key used? | Select Yes to use an SSH key |
Username | Username that has root or sudo permissions to the Compile Master(s) |
Password *Only shown when 'SSH key used' is No | User's password |
SSH Key *Only shown when 'SSH key used' is Yes | SSH Key |
SSH Key password protected? *Only shown when 'SSH key used' is Yes | Select 'Yes' if the SSH key is password protected |
SSH Key Password *Only shown when 'SSH key used' and 'SSH key password protected' are Yes | SSH Key password |
Database configuration | |
Use separate database? | Select Yes to define database |
Database hostname *Only shown when 'Use separate database' is Yes | Database hostname in FQDN format |
Database OS Family *Only shown when 'Use separate database' is Yes | Currently only allows for unix |
Directory for temporary scripts *Only shown when 'Use separate database' is Yes | Directory to put temporary scripts on the database |
Connection method *Only shown when 'Use separate database' is Yes | Currently only allows for SSH |
SSH Key used? | Select Yes to use an SSH key |
Username | Username that has root or sudo permissions to the Puppet database |
Password *Only shown when 'SSH key used' is No | User's password |
SSH Key *Only shown when 'SSH key used' is Yes | SSH Key |
SSH Key password protected? *Only shown when 'SSH key used' is Yes | Select 'Yes' if the SSH key is password protected |
SSH Key Password *Only shown when 'SSH key used' and 'SSH key password protected' are Yes | SSH Key password |
Certificate PEM files | |
API Certificate | Puppet API Certificate PEM file. Puppet Master: /var/lib/puppet/ssl/certs/CERTNAME.pem |
API RSA Private Key | Puppet API RSA Private Key PEM file. Puppet Master: /var/lib/puppet/ssl/private_keys/CERTNAME.pem |
API CA Certificate | Puppet API CA file. Puppet Master: /var/lib/puppet/ssl/ca/ca_crt.pem |
Certificate Authority | |
Is auto-sign enabled in Puppet? | Is autosign enabled in Puppet? If 'Yes', skips signing the certificate |
Certificate Authority Hostname | Puppet Certificate Authority Hostname (FQDN) |
Certificate Authority Port | Port the Puppet Certificate Authority listens on, defaults to 8140 |
API CA Certificate | Puppet API Certificate Authority Certificate |
Hiera node data configuration | |
Create hiera node data? | Select 'Yes' to create hiera node data |
Hiera node data format *Only shown when Create hiera node data is 'Yes' | Hiera node data format |
Hiera node data filename *Only shown when Create hiera node data is 'Yes' | Filename for hiera node data. Can be templated: SovLabs Template Engine |
Hiera node data template *Only shown when Create hiera node data is 'Yes' | Hiera data template. Can be templated: SovLabs Template Engine |
Hiera eyaml Public Key *Only shown when Hiera node data format is eyaml | Hiera eyaml public key |
Additional configuration *Only shown when Create hiera node data is 'Yes' | |
Hiera on Puppet Master server? | Select 'No' if the hiera server is on a different server from the Puppet Master |
Hiera Hostname *Only shown when Hiera on Puppet Master server is 'No' | Hiera Hostname (FQDN) |
Hiera OS Family *Only shown when Hiera on Puppet Master server is 'No' | Hiera OS type |
Directory for temporary scripts *Only shown when Hiera on Puppet Master server is 'No' | Directory to put temporary scripts on the Hiera server |
Hiera connection method *Only shown when Hiera on Puppet Master server is 'No'
Select the connection methodHiera Username *Only shown when Hiera on Puppet Master server is 'No'
Username (UPN format) that has permissions to the Hiera serverHiera SSH Key used? *Only shown when Hiera Connection Method is
Select 'Yes' to use an SSH keySSH
orWinSSHD
Hiera Password *Only shown when Hiera Connection Method is
Username's passwordwinrm
or Hiera SSH Key used is 'No'Hiera SSH Key *Only shown when SSH key used is 'Yes'
SSH KeyHiera SSH Key password protected? *Only shown when SSH key used is 'Yes'
Select 'Yes' if the SSH key is password protectedHiera SSH Key Password *Only shown when SSH key used is 'Yes' and SSH key password protected is 'Yes'
SSH Key password*Entire section is only shown when Create hiera node data is 'Yes'
Hiera pre-create script Hiera pre-create script Script to execute prior to creating the hiera node data Can be templated: SovLabs Template Engine
Hiera pre-create script arguments Script arguments, if any Hiera pre-create script interpreter Script interpreter, e.g. /bin/bash
Compile Masters Hiera pre-create script *Only shown when Use separate Compile Masters is 'Yes'
Script to execute prior to creating the hiera node data on the Compile MastersCan be templated: SovLabs Template Engine
Compile Masters Hiera pre-create script arguments *Only shown when Use separate Compile Masters is 'Yes'
Script arguments, if anyCompile Masters Hiera pre-create script interpreter *Only shown when Use separate Compile Masters is 'Yes'
Script interpreter, e.g./bin/bash
Hiera post-create script Hiera post-create script Script to execute after creating the hiera node data Can be templated: SovLabs Template Engine
Hiera post-create script arguments Script arguments, if any Hiera post-create script interpreter Script interpreter, e.g. /bin/bash
Compile Masters Hiera post-create script *Only shown when Use separate Compile Masters is 'Yes'
Script to execute after creating the hiera node data on the Compile MastersCan be templated: SovLabs Template Engine
Compile Masters Hiera post-create script arguments *Only shown when Use separate Compile Masters is 'Yes'
Script arguments, if anyCompile Masters Hiera post-create script interpreter *Only shown when Use separate Compile Masters is 'Yes'
Script interpreter, e.g./bin/bash
Hiera pre-delete script Hiera pre-delete script Script to execute prior to deleting the hiera node data Can be templated: SovLabs Template Engine
Hiera pre-delete script arguments Script arguments, if any Hiera pre-delete script interpreter Script interpreter, e.g. /bin/bash
Compile Masters Hiera pre-delete script *Only shown when Use separate Compile Masters is 'Yes'
Script to execute prior to deleting the hiera node data on the Compile MastersCan be templated: SovLabs Template Engine
Compile Masters Hiera pre-delete script arguments *Only shown when Use separate Compile Masters is 'Yes'
Script arguments, if anyCompile Masters Hiera pre-delete script interpreter *Only shown when Use separate Compile Masters is 'Yes'
Script interpreter, e.g./bin/bash
Hiera post-delete script Hiera post-delete script Script to execute after deleting the hiera node data Can be templated: SovLabs Template Engine
Hiera post-delete script arguments Script arguments, if any Hiera post-delete script interpreter Script interpreter, e.g. /bin/bash
Compile MastersHiera post-delete script *Only shown when Use separate Compile Masters is 'Yes'
Script to execute after deleting the hiera node data on the Compile MastersCan be templated: SovLabs Template Engine
Compile MastersHiera post-delete script arguments *Only shown when Use separate Compile Masters is 'Yes'
Script arguments, if anyCompile Masters Hiera post-delete script interpreter *Only shown when Use separate Compile Masters is 'Yes'
Script interpreter, e.g./bin/bash
Purge node script Script purge the node Can be templated: SovLabs Template Engine
Purge node script arguments Script arguments, if any Purge node script interpreter Script interpreter, e.g. /bin/bash
- On the Catalog page, click on the Request button for: Add Foreman Agent Configuration
Foreman Agent Configuration
A Foreman Agent configuration defines the Puppet Open Source with Foreman Agent settings
Field | Value |
---|---|
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique label name |
Puppet Open Source with Foreman version | Select the Puppet Open Source / Foreman version |
Puppet environment | Provisioned node environment. Can be templated: SovLabs Template Engine |
OS Family for provisioned nodes | unix or windows |
Directory for temporary scripts | Directory to put temporary scripts on the provisioned node |
puppet.conf configuration | |
puppet.conf file content | Contents of puppet.conf file - if left blank, the puppet.conf will not be updated on the provisioned node. Can be templated: SovLabs Template Engine |
puppet.conf filename | Can be templated: SovLabs Template Engine |
Connection configuration | |
Connection method | SSH for unix. cygwinssh, winrm or WinSSHD for Windows |
Username | Username (UPN format) that has permissions to login to the provisioned node |
SSH Key used? | Only shown when connection method is SSH or WinSSHD. Select 'Yes' to use an SSH key |
Password | Only shown when SSH key used is No. Username's password |
SSH Key | Only shown when SSH key used is Yes. SSH Key |
SSH Key password protected? | Only shown when SSH key used is Yes. Select Yes if the SSH key is password protected |
SSH Key Password | Only shown when SSH key used is Yes and SSH key password protected is Yes. SSH Key password |
Facter files | |
Facter facts template | Template of the facter facts. Warning: Facter facts file contents do not support encryption. Can be templated: SovLabs Template Engine |
Facter facts format | Format for the Facter facts file |
Facter facts filename | Can be templated: SovLabs Template Engine |
Classes | |
Classes | Add existing classes in Puppet Console for provisioned node to join. Can be templated: SovLabs Template Engine |
Host Group | |
Host Group | Add existing host group in Foreman for provisioned node to join. Can be templated: SovLabs Template Engine |
Installer file(s) | |
Source Installer file | Define source installer file (for Windows Puppet Agent) |
Destination Installer file | Define destination installer file (for Windows Puppet Agent) |
Install Puppet on a node script | |
Install script | Script to install Puppet on a node - if left blank, expects Puppet to already be installed. Can be templated: SovLabs Template Engine |
Install script arguments | Script arguments, if any. Can be templated: SovLabs Template Engine |
Install script interpreter | Script interpreter, e.g. /bin/bash. For Windows, only powershell and bat are valid interpreters |
Max retry attempt to Run Puppet | Maximum number of attempts to retry Run Puppet |
Ignore final Run Puppet errors? | If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue - useful in initial development of new Puppet content |
Run Puppet Script | |
Run Puppet script | Script to execute after creating the hiera node data. Can be templated: SovLabs Template Engine |
Run Puppet script arguments | Script arguments, if any. Can be templated: SovLabs Template Engine |
Run Puppet script interpreter | Script interpreter, e.g. /bin/bash. For Windows, only powershell and bat are valid interpreters |
Run Puppet script validation | |
Run Puppet script success exit codes | Success exit codes. List multiple exit codes comma separated |
Run Puppet script success exit RegExp | Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any |
Run Puppet script validation prior to certificate being signed | |
Pre-certificate success exit codes | Success exit codes. List multiple exit codes comma separated |
Pre-certificate success exit RegExp | Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any |
Final Run Puppet script validation | |
Final Puppet Run script success exit codes | Success exit codes. List multiple exit codes comma separated |
Final Puppet Run script success exit RegExp | Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any |
Post script | Script to execute after the final Puppet Run. Can be templated: SovLabs Template Engine |
Post script arguments | Script arguments, if any |
Post script interpreter | Script interpreter, e.g. /bin/bash. For Windows, only powershell and bat are valid interpreters |
Post script validation | |
Post script success exit codes | Success exit codes. List multiple exit codes comma separated |
Post script success exit RegExp | Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any |
Pre-Puppet Remove script | Script to run prior to removing Puppet from node. Can be templated: SovLabs Template Engine |
Pre-Puppet Remove script arguments | Script arguments, if any |
Pre-Puppet Remove script interpreter | Script interpreter, e.g. /bin/bash. For Windows, only powershell and bat are valid interpreters |
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
  - Check the SovLabs-EnableLifecycleStubs property group
  - Check the Puppet Open Source with Foreman property groups:
    - Puppet Master: starts with SovLabs-ForemanMaster-
    - Puppet Agent: starts with SovLabs-ForemanAgent-
    Do not attach more than 1 set of Foreman Master / Foreman Agent property groups to a blueprint
- Click OK
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
  - Uncheck the Puppet Open Source with Foreman property groups:
    - Puppet Master: starts with SovLabs-ForemanMaster-
    - Puppet Agent: starts with SovLabs-ForemanAgent-
- Click OK
- Repeat Step 3 for all desired blueprints
ServiceNow CMDB
Allows customers to dynamically drive ServiceNow CMDB record creation/removal as part of server provisioning/de-provisioning
- Adds and removes CMDB records to/from ServiceNow
- Add and remove via Import Sets to drive additional functionality in ServiceNow
- Validate that the OS vRA custom property is added to the vRA blueprint(s) and set to the appropriate value
- Utilizes SovLabs Template Engine
- Utilizes vRA properties (e.g. properties defined on the Blueprint, Compute Resource, and/or Business Group)
- Executed during the vRA MachineProvisioned lifecycle
Prerequisites
- ServiceNow CMDB is properly configured
- ServiceNow CMDB service user account must have Web Service admin rights and rights to add/update/delete records
- Login to the vRA tenant
- Add license for ServiceNow CMDB module
- Validate the following show up on the Catalog page:
- Add ServiceNow Host
- Add ServiceNow CMDB
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add ServiceNow Host
ServiceNow Host
A ServiceNow Host is a target ServiceNow server
Field | Value |
---|---|
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique label |
Host URL | URL to ServiceNow host. Start with http or https |
ServiceNow version | Select the ServiceNow version |
Create Authentication? | Select No to choose from existing authorizations. Select Yes to create a new authorization |
Authentication | *Only shown when 'Create Authorization' is No. Select the appropriate authentication from an existing list of authentications |
Authentication configuration label | *Only shown when 'Create Authentication' is Yes. Unique name for authentication. *Only AlphaNumeric characters, no special characters nor spaces except: - and _ |
Username | *Only shown when 'Create Authorization' is Yes. Username |
Password | *Only shown when 'Create Authorization' is Yes. User's password |
- On the Catalog page, click on the Request button for: Add ServiceNow CMDB Configuration
ServiceNow CMDB Configuration
A ServiceNow CMDB configuration is the template for the VM
Field | Value |
---|---|
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique label name |
ServiceNow Host | Select the desired ServiceNow Host |
Use Import Set? | Select whether or not to use Import Set |
Table name | Select the table to add/remove records from |
Import Set Name | *Shown only when 'Use Import Set' is Yes. Import set name in ServiceNow |
Delete using Import Set? | *Shown only when 'Use Import Set' is Yes. Default: If No is selected, the record will be deleted from the database tables directly. Advanced: Select Yes if the u_action field is configured on the Import Set and defined in the Transform script (example transform script below the table) |
Use predefined template? | *Shown only when 'Use Import Set' is Yes. Select whether or not to use a predefined template |
Predefined template name | *Shown only when 'Use Import Set' is Yes and 'Use predefined template' is Yes. Select appropriate template name |
JSON template | Modify the JSON template accordingly |
Example transform script (for 'Delete using Import Set?'):
    if (source.u_action == 'delete') {
        // Delete the VM CI whose correlation_id matches the SovLabs id in the import row
        var vms = new GlideRecord('cmdb_ci_vm_instance');
        vms.addQuery('correlation_id', source.u_sovlabs_id);
        vms.deleteMultiple();
    }
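A defensive variant of the example transform script above, as an added example (not SovLabs or ServiceNow code): it refuses to delete when u_sovlabs_id is missing or when more rows match than expected. The names handleImportRow, makeFakeGlideRecord, sampleRows and the maxMatches limit are hypothetical, and the in-memory GlideRecord stand-in and sample rows are constructed so the logic runs offline in Node.js.

```javascript
// Added example: guarded delete branch for an Import Set transform script.
// In ServiceNow the platform supplies GlideRecord and `source`; the stand-in
// below is constructed so the guards can be exercised without an instance.

// Constructed sample CMDB rows (not real data).
function sampleRows() {
  return [
    { sys_id: 'a1', name: 'vm-web-01', correlation_id: 'sov-1001' },
    { sys_id: 'a2', name: 'vm-db-01', correlation_id: 'sov-1002' },
    { sys_id: 'a3', name: 'legacy-vm', correlation_id: '' } // never set by vRA
  ];
}

// Minimal stand-in implementing only the GlideRecord calls used here:
// addQuery, query, getRowCount, deleteMultiple.
function makeFakeGlideRecord(store) {
  return class FakeGlideRecord {
    constructor(table) { this.table = table; this.conds = []; this.hits = []; }
    addQuery(field, value) { this.conds.push([field, String(value)]); }
    _match() {
      return (store[this.table] || []).filter(r =>
        this.conds.every(([f, v]) => String(r[f]) === v));
    }
    query() { this.hits = this._match(); }
    getRowCount() { return this.hits.length; }
    deleteMultiple() {
      const doomed = new Set(this._match());
      store[this.table] = (store[this.table] || []).filter(r => !doomed.has(r));
    }
  };
}

// Delete branch with guards. Returns what happened so the caller can log it.
// maxMatches is a hypothetical safety limit, not a ServiceNow or SovLabs setting.
function handleImportRow(source, GlideRecordCtor, maxMatches = 1) {
  if (String(source.u_action) !== 'delete') {
    return { deleted: 0, reason: 'not a delete row' };
  }
  // Normalise the id; a missing or blank value must never reach addQuery.
  const raw = source.u_sovlabs_id == null ? '' : source.u_sovlabs_id;
  const id = String(raw).trim();
  if (id === '') {
    return { deleted: 0, reason: 'missing u_sovlabs_id' };
  }
  // Count matches first so an unexpectedly broad match is refused, not deleted.
  const probe = new GlideRecordCtor('cmdb_ci_vm_instance');
  probe.addQuery('correlation_id', id);
  probe.query();
  const count = probe.getRowCount();
  if (count === 0) {
    return { deleted: 0, reason: 'no matching record' };
  }
  if (count > maxMatches) {
    return { deleted: 0, reason: 'too many matches: ' + count };
  }
  // Fresh record object for the delete, with the same single condition.
  const vms = new GlideRecordCtor('cmdb_ci_vm_instance');
  vms.addQuery('correlation_id', id);
  vms.deleteMultiple();
  return { deleted: count, reason: 'ok' };
}
```

Inside a real transform script, pass the platform's GlideRecord as the second argument and write the returned reason to the import log.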
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
  - Check the SovLabs-EnableLifecycleStubs property group
  - Check the appropriate ServiceNow CMDB property group (starts with SovLabs-SNowCMDB-)
    Do not attach more than 1 ServiceNow CMDB property group to a blueprint
- Click OK
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
  - Uncheck the ServiceNow CMDB property group (starts with SovLabs-SNowCMDB-)
- Click OK
- Repeat Step 3 for all desired blueprints
Red Hat Satellite
The SovLabs Red Hat Satellite Module increases IT agility and speed of delivery by driving Red Hat Satellite’s software and subscription management features from a cloud consumption model. Organizations depend on Red Hat Satellite’s errata management capabilities to stay compliant with security and bugfix management.
With the SovLabs Red Hat Satellite Module organizations can now easily drive multiple Satellite subscription configurations and ensure proper registration and content deployment from Red Hat systems provisioned from vRealize Automation.
Quick start process
- Define Red Hat Satellite configuration(s)
- Apply to existing blueprint
- Provision!
- Supports automatic downloading and installing Satellite CA onto a node (server with Red Hat OS)
- Registers a node with Satellite activation key(s) during provisioning
- Installs Katello agent on a node during provisioning
- Option to force update a node from Satellite during provisioning
- Unregisters a node during de-provisioning
- Utilizes SovLabs Credential Store for credential reuse between multiple configuration definitions
- Delivers dozens to thousands of Red Hat Satellite deployment scenarios with minimal overhead via dynamic template configurations and vRA property injection, avoiding Blueprint sprawl
- SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
Prerequisites
- Red Hat Satellite server is properly configured
- Red Hat Satellite server is configured to utilize activation key(s) for registering nodes
- Red Hat Satellite service user account must have rights to add/update/delete content hosts
- Login to the vRA tenant
- Add license for Red Hat Satellite module
- Validate the following show up on the Catalog page:
- Add Satellite Configuration
Setup
- Login to the vRA tenant
- On the Catalog page, click on the Request button for: Add Satellite Configuration
Satellite Configuration
A Satellite configuration is a target Red Hat Satellite server
Field | Value |
---|---|
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique endpoint name |
Satellite Hostname | FQDN or IP address of Red Hat Satellite server |
Satellite Username | Service account username that has permissions to the Red Hat Satellite server to add/update/delete content hosts |
Satellite Password | User's password |
Satellite Organization | Auto-populates based on valid Satellite Hostname, Satellite username and password. Select the desired organization to register VMs to |
Activation Key(s) names or template | List all Red Hat Satellite activation keys by name. Can be templated: SovLabs Template Engine |
Satellite API 6 upgrade_all? | Perform Satellite API 6 upgrade_all? |
Satellite Authorization | |
Create Authorization? | Select No to choose from existing authorizations. Select Yes to create a new authorization |
Authorization | *Only shown when 'Create Authorization' is No. Select the appropriate authorization from an existing list of authorizations |
Authorization configuration label | *Only shown when 'Create Authorization' is Yes. Unique name for authorization. *Only AlphaNumeric characters, no special characters nor spaces except: - and _ |
Use SSH Key? | *Only shown when 'Create Authorization' is Yes. Select whether or not this authorization utilizes an SSH key |
Username | *Only shown when 'Create Authorization' is Yes. Username |
Password | *Only shown when 'Create Authorization' is Yes and 'Use SSH Key' is No. Username's password |
SSH Key | *Only shown when 'Create Authorization' is Yes and 'Use SSH Key' is Yes. SSH Key |
SSH Key Password | *Only shown when 'Create Authorization' is Yes and 'Use SSH Key' is Yes. SSH Key's password, if any |
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
  - Check the SovLabs-EnableLifecycleStubs property group
  - Check the appropriate Red Hat Satellite property group (starts with SovLabs-Satellite-)
    Do not attach more than 1 Red Hat Satellite property group to a blueprint
- Click OK
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Property Groups section:
  - Uncheck the Red Hat Satellite property group (starts with SovLabs-Satellite-)
- Click OK
- Repeat Step 3 for all desired blueprints
SovLabs Modules Appendix
Updating a SovLabs vRA module item
On each vRA tenant for each SovLabs module vRA item to update, perform the following steps
- Login to the desired vRA tenant
- Click on the Items tab
- Select the desired SovLabs module name via the left-hand menu
- Click on the desired SovLabs module vRA item
Don't see the item? Find the Owned by: dropdown (next to the searchbar) and select All groups I Manage
- Click on Actions > Update
- Fill out the update form fields properly
- Click Submit
Managing Authentications for SovLabs modules
SovLabs Authorization allows authorization/authentication credentials to be stored and reused for SovLabs modules
SovLabs Authorization
SovLabs Authorization allows better management of credentials across blueprints and configuration items. Once an Authorization is configured, it will be encrypted
Modules that use the Authorization configuration will provide a dropdown list of relevant Authorization configurations to choose from
An authorization is tenant specific
Prerequisites
- If utilizing SSH keys, have the full SSH private key readily available along with the SSH Key passphrase, if a passphrase is required
- If using a simple login username and password, have the credentials readily available
Add an Authorization
- Login to the desired vRA tenant
- Click on the Catalog tab
- Select the Manage Authorization Configuration catalog item
- Fill out the request form fields properly:
Field | Value |
---|---|
Create Authorization? | Select Yes |
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique label name |
Type | Type of authorization use |
Subtype | Subtype for granular filtering. For types other than Provisioned Node, leave blank |
Connection method | Select either basic or SSH |
SSH Key used? | *Only shown when 'Connection method' is SSH. Select Yes to use an SSH key |
Username | Username that has necessary permissions |
Password | *Only shown when 'SSH key used' is No. User's password |
SSH Key | *Only shown when 'SSH key used' is Yes. SSH Key |
SSH Key Password | *Only shown when 'SSH key used' is Yes. SSH Key password, if any |
- Click Submit
A SovLabs Authorization does not create an Item in vRA
Update an Authorization
- Login to the desired vRA tenant
- Click on the Catalog tab
- Select the Manage Authorization Configuration catalog item
- Fill out the request form fields properly:
Field | Value |
---|---|
Create Authorization? | Select No |
Delete Authorization | Select No |
Authorization? | Select the desired authorization to update |
Configuration label | *Only AlphaNumeric characters, no spaces or special characters except: - and _. Unique label name |
Type | Type of authorization use |
Subtype | Subtype for granular filtering. For types other than Provisioned Node, leave blank |
Connection method | Select either basic or SSH |
SSH Key used? | *Only shown when 'Connection method' is SSH. Select Yes to use an SSH key |
Username | Username that has necessary permissions |
Password | *Only shown when 'SSH key used' is No. User's password |
SSH Key | *Only shown when 'SSH key used' is Yes. SSH Key |
SSH Key Password | *Only shown when 'SSH key used' is Yes. SSH Key password, if any |
- Click Submit
A SovLabs Authorization does not create an Item in vRA
Delete an Authorization
- Login to the desired vRA tenant
- Click on the Catalog tab
- Select the Manage Authorization Configuration catalog item
- Fill out the request form fields properly:
Field | Value |
---|---|
Create Authorization? | Select No |
Delete Authorization | Select Yes |
Authorization | Select the desired authorization to delete |
- Click Submit
Deleting a SovLabs vRA module item
On each vRA tenant for each SovLabs module vRA item to delete, perform the following steps
- Login to the desired vRA tenant
- Click on the Items tab
- Select the desired SovLabs module name via the left-hand menu
- Click on the desired SovLabs module vRA item
Don't see the item? Find the Owned by: dropdown (next to the searchbar) and select All groups I Manage
- Click on Actions > Delete
- Accept the defaults
- Click Submit