Add License
Once SovLabs vRA Extensibility module(s) have been purchased or requested as a trial, order details and a license key will be sent via email
One license key will enable functionality for all of the SovLabs vRA Extensibility modules requested
- Login to the desired vRA tenant
- Click on the Catalog tab
- Click on the catalog item: Add License - SovLabs Modules
- Fill out the form:
Field Value License key Copy & paste the entire SovLabs license file provided (including the header) - Click Submit
Once the SovLabs license has been added, additional vRA Catalog Item(s) will appear for all the modules licensed.
Custom Naming
Core module - vRA Extensions
View features and compatibilityQuick Start Process
- Define Naming Standard(s)
- Define Naming Standard(s)
- Apply to existing blueprint(s)
- Provision!
Prerequisites
- Have naming standard(s) that accounts for different scenarios for your company
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Naming Sequence
- Add Naming Standard
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add Naming Sequence
Naming Sequence
One or more Naming Sequences can be used in a Naming Standard
Field Value Sequence label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Sequence type Choose a sequence type: - Decimal (Base 10):
0-9
for each digit - HexaDecimal (Base 16):
0-F
for each digit - Octal (Base 8):
0-7
for each digit - Pattern (Mixed bases and static text ): a flexible pattern that allows for unique naming sequences
Reuse sequence values? Select Yes
to reuse a sequence number if it is availableMax sequence length *Shown when Decimal, HexaDecimal or Octal is selected as the sequence type
What is the maximum number of the sequence length? If a
###
sequence is desired, type in3
for a three digit sequence lengthInitial value What is the initial number the sequence starts off with (
0
or1
)?*Do NOT pad this initial value number
Sequence padding *Shown when Decimal, HexaDecimal or Octal is selected as the sequence type
Numerical value to pad the sequence to the left in the event that the sequence does not meet the required
max sequence length
. Defaults to0
Pattern type format *Shown when Pattern is selected as the sequence type
Unique key Optional - Decimal (Base 10):
-
On the Catalog page, click on the Request button for Add Naming Standard
Naming Standard
A naming standard is a template that generates a specific hostname
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Used for multi-machine containers? Check the checkbox if the naming standard will be used for multi-machine containers Select sequence(s) Select the sequences that will be a part of the naming standard Template Define the naming standard template that will generate the hostname
The template must include the sequence(s):
Can be templated: SovLabs Template Engine
Example
Configure Pattern Type
Pattern naming sequences are designed to be flexible and multiple base sequences that can match most sequence types used in the industry.
Pattern naming sequences can contain the following types of bases:
Type | Pattern Key | Default Value | Range |
---|---|---|---|
Decimal | # | 0 | 0-9 |
HexaDecimal | x | 0 | 0-F |
Octal | o | 0 | 0-7 |
Binary | b | 0 | 0-1 |
Alpha | a | a | a-z |
*All Pattern Keys are to be defined inside / /
Example: /a#b/
is a sequence of alpha, decimal, and binary numbers/letters.
A unique feature of the pattern naming standard is that the sequence can contain static or template text in the sequence, yet the sequence increments as you would expect, ignoring the text.
For example a pattern of /a/StaticText/b/
will result in a the following sequence values:
aStaticText0, aStaticText1, bStaticText0, bStaticText1, cStaticText0. . .
As you can see that part of the sequence that the counter (inside the / /
) increments.
Meanwhile, the text outside of the / /
remains static text, yet as the right most digit rolled over the next significant digit increased as one would expect. This can be used with or without static text.
If a template is used, the counter is incremented first and then the template is rendered. This means if you have a property called "App" and you use it in a pattern such as /#//#/
- Run #1 - App = “Test” => sequence value is
0Test1
- Run #2 - App = “Foo” => sequence value is
0Foo2
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
- In the Property Groups section, add the vRA property group for Custom Naming:
- Starts with
SovLabs-NamingStandard-
for single machine scenarios Starts with
SovLabs-NamingStandardMultiMachineContainer
for multi-machine container scenariosDo not attach more than 1 Naming Standard property group to a vRA blueprint
- Starts with
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
- In the Property Groups section, remove the vRA property group for Custom Naming:
- Starts with
SovLabs-NamingStandard-
for single machine scenarios - Starts with
SovLabs-NamingStandardMultiMachineContainer
for multi-machine container scenarios
- Starts with
- Repeat Step 3 for all desired blueprints
Microsoft Active Directory
Core module - vRA Extensions
View features and compatibilityQuick Start Process
- Define Microsoft Endpoint(s)
- Define AD Configuration(s)
- Apply to existing blueprint(s)
- Provision!
Prerequisites
- Define your domain controller server(s) and whether or not proxy servers will be used
- Install AD Webservices on all the domain controllers that will be used
- Ensure NTP is set up correctly
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Microsoft Endpoint
- Add ActiveDirectory Configuration
- Add SovLabs vCenter Endpoint
Setup
- Login to the vRA tenant
- Perform this step only if using VMware Tools to connect to a jump server or target Microsoft AD server
- On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
SovLabs vCenter Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Choose the appropriate vCenter version Platform Service Controller (FQDN) *Shown when 'Version' is 6+
Type in the PSC FQDNIs the PSC embedded on the vCenter server? *Shown when 'Version' is 6+
vCenter hostname (FQDN) *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x
Type in the vCenter server FQDNCredential Configuration for vCenter Endpoint Create credential? Uncheck the checkbox to choose from existing vCenter Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (user@example.com)
Password *Shown when 'Create credential' is checked
User's password
- On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
-
On the Catalog page, click on the Request button for Add Microsoft Endpoint
Microsoft Endpoint
A Windows 2012 R2 jump server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Connection method Connection method to connect to the target or proxy Microsoft server vCenter Endpoint *Shown if 'Connection method' is vmware-tools
Select a previously added SovLabs vCenter Endpoint in Step 2
VM Name as it appears in vCenter *Shown if 'Connection method' is vmware-tools
Type in the VM name of the Microsoft AD server
Is a jump server? Jump servers are limited to
SSH daemon
connection methods only or VMware ToolsChoose whether or not to utilize a jump server to make remote commands to the target AD server
Jump server *Shown if 'Is a jump server' is checked
Type in the jump server FQDN or IP Address for the target AD server
Remote server *Shown if 'Is a jump server' is checked
Type in the target AD server
Uses non-standard port? Select the checkbox if WinRM
orSSH daemon
was configured to listen on a non-standard portPort *Shown when 'Uses non-standard port' is checked
Port numberCredential Configuration for Microsoft Endpoint Create credential? Uncheck the checkbox to choose from existing Microsoft Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (user@example.com)
Password *Shown when 'Create credential' is checked
User's password
Advanced Configuration Temporary directory where scripts will be placed If not provided, will default to C:\Windows\temp
Share path for temporary directory to access Define if administrative shares are not available
Type in
path\share
instead of\\share-server\path\share
-
On the Catalog page, click on the Request button for Add ActiveDirectory Configuration
Active Directory Configuration
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Microsoft Endpoint(s) Select all the Microsoft Endpoints configured for Active Directory Computer name case Choose whether or not the computer name added in AD is all uppercase or lowercase Build OU Use Build OU? If checked, a VM during it's machineBuilding vRA lifecycle will be placed in an interim OU (Build OU)
Once the VM has finished building and provisioning, the VM will be moved/placed in the [final] OU
*The Build OU does not create the parent OU(s), the parent OU(s) must already exist.
Build OU ActiveDirectory Organizational Unit (OU) for VMs to join prior to completing provisioning
*Must be in
DN format
Create Build OU? Check to create the Build OU if it does not exist Remove OU? Check to remove Build OU if it does not have any children and is empty OU OU ActiveDirectory Organizational Unit (OU) for VMs to join
*Must be in
DN format
Create OU? Check to create OU if it does not exist Remove OU? Check to remove OU if it does not have any children and is empty Security Group(s) AD Security Group(s) List any/all Security Group(s) for server to join
*Must be in
DN format
Advanced Delete computer accounts based on computer name? If checked, will attempt to find computer account and remove it, regardless of what OU it is in
Example
SovLabs Template Engine for OUs
Assumptions:- The following properties (
teamID
,ORGID
,LOCATION
) are defined on the vRA Blueprint or inherited from the vRA Business Group or Compute Resources and etc. teamID
: DevelopmentORGID
: e712LOCATION
: Atlanta
-
Input
OU=,OU=,OU=,DC=sovlabs, DC=net
-
Output
OU=development,OU=E712,OU=atl,DC=sovlabs,DC=net
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for Microsoft AD:
Starts with
SovLabs-AD-
Do not attach more than 1 Microsoft AD property group to a vRA blueprint
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Microsoft AD:
Starts with
SovLabs-AD-
- Repeat Step 3 for all desired blueprints
Notifications
Core module - vRA Extensions
View features and compatibilityQuick Start Process
- Define Notification Configuration(s)
- Define Notification Group(s)
- Apply to existing blueprint(s)
- Provision!
Prerequisites
- User account with permissions to the webservices and/or email servers desired
- If utilizing an email server, gather the following details:
- IP Address/hostname of the email server
- Is the service SMTP or IMAP?
- Credential details (username/password)
- Whether SSL/TLS or STARTTLS is required to send emails through your email server
- Port # of SMTP or IMAP service on that host
Common ports: (please verify with administrator or provider)
- SMTP: 25, 465 (SSL), 587 (STARTTLS)
- IMAP: 143 or 993 (SSL)
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Notification Configuration
- Add Notification Group Configuration
- Manage Notification Message Server Configuration
- Manage Notification Email Group Configuration
- Manage Credential Configuration
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add Notification Configuration
Notification Configuration
A notification configuration holds all the necessary information to send notifications
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Type Select the notification type State VMLIFECYCLE: Select whether to send the notification on a success and/or error states during VM lifecycles
SNAPSHOT: Select whether or not to send notifications when a new snapshot is found (NEW), when a snapshot is going to be deleted (WARNING), and/or when a snapshot has been deleted (DELETE)
Backup as a Service modules: Please keep both SUCCESS and ERROR checked
Message type Select the notification message type Format Select the desired format From address The address that will be sending the notification Can be templated: SovLabs Template Engine
Title Notification title Can be templated: SovLabs Template Engine
Body Body message - defaulted to standard templates. Please update accordingly *For a WebService, the only payload accepted is a
JSON
payload
VMLIFECYCLE
- The template
will insert specific logs as the VM goes through its lifecycles.
- The template
will insert any error logs faced as the VM goes through its lifecycles
Can be templated: SovLabs Template Engine
Message Server configuration New Message Server? Check the checkbox to create a new message server
Uncheck to choose an existing message server
Message Server *Shown when 'New Message Server' is unchecked
Select the desired message server from a list of existing message serversMessage server configuration label *Shown when 'New Message Server' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Message Server Address *Shown when 'New Message Server' is checked
Message Server address
NOTE: for a WebService, the request body is used as type
JSON
to deliver data to the web service it is connecting to.The address will not be modified by SovLabs' module to provide data via the URL. If the request is directed at a specific method for the call please include that as part of the address parameter.
*If the WebService address is:
webserver.domain.com
and the URL directive for method is:/logmessage
, the resulting Message server address should be:webserver.domain.com/logmessage
Enable SSL? *Shown when 'New Message Server' checked
Choose whether or not SSL is enabled on the message serverMessage Server port *Shown when 'New Message Server' is checked
Message Server port
Common ports: (please verify with administrator or provider)
- SMTP: 25, 465 (SSL), 587 (STARTTLS)
- IMAP: 143 or 993 (SSL)
Message Server HTTP verb *Shown when New Message Server is checked and the Message type is WebService
Select the HTTP Verb
Any HTTP verb used must be assumed to use the JSON body content to properly direct the server's behavior. The Notifications module does not modify URL with parameters.
Message Server protocol *Shown when 'New Message Server' is checked
Select the appropriate protocolEnable credential? *Shown when 'New Message Server' is checked
Select whether credentials are enabled on the message serverCreate credential? Uncheck the checkbox to choose from existing Message Server credentials
Check the checkbox to create a new credential
Credential *Shown when 'Enable credential' is checked and 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials for the Message Server
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
Username's password
Enable STARTTLS? *Shown when 'New Message Server' is checked and 'Message Type' is Email
Select whether or not to enable STARTTLS
Network timeout Defaulted to 6000 Email Group configuration *Shown when the 'Message Server Type' is Email
New Email Group? Check the checkbox to create a new email group
Uncheck to choose an existing email group
Email Group *Shown when 'New Email Group' is unchecked
Select the desired email group from a list of existing email groupsEmail Group configuration label *Shown when 'New Email Group' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
To addresses *Shown when New Email Group is checked
Enter all the email addresses to send the notifications to
Can be templated: SovLabs Template Engine
CC addresses *Shown when New Email Group is checked
Enter all the email addresses to CC the notifications to
Can be templated: SovLabs Template Engine
BCC addresses *Shown when New Email Group is checked
Enter all the email addresses to BCC the notifications to
Can be templated: SovLabs Template Engine
- The template
-
On the Catalog page, click on the Request button for: Add Notification Group Configuration
Notification Group Configuration
A Notification Group configuration holds multiple notification configurations
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label name
Type Select the type of notifications configurations to group Notifications Select all notification configurations filtered by type for this notification group - To update/edit a Message Server for Notifications:
- Request Manage Notification Message Server
- Select an action: Create/Update/Delete
- Fill in the form fields accordingly
- To update/edit an Email Group for Notifications:
- Request Manage Notification Email Group
- Select an action: Create/Update/Delete
- Fill in the form fields accordingly
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for Notifications:
Starts with
SovLabs-NotificationGroup-
Do not attach more than 1 Notifications property group to a vRA blueprint
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Notifications:
Starts with
SovLabs-NotificationGroup-
- Repeat Step 3 for all desired blueprints
DNS
Quick Start Process
- Define Endpoint(s)
- Define DNS Configuration(s)
- Provision!
BlueCat DNS
Core module - DNS
View features and compatibilityPrerequisites
- BlueCat user on (all) BlueCats(s) with API permissions:
- Through the BlueCat web portal, go to Administration > Users and Groups
- On the top-left of the Users pane, select New > User
- In the User creation wizard:
- Type of user: Administrator
- Access type: API
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add BlueCat Endpoint
- Add DNS Configuration
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add BlueCat Endpoint
BlueCat Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Hostname BlueCat FQDN HTTPS? Choose whether or not BlueCat is on HTTPS Port BlueCat port number Configuration name BlueCat configuration name DNS view name BlueCat DNS view name
Custom User Field Configurations Host record user defined field(s) Add in any custom user fields (e.g. comments) used for BlueCat DNS
Can be templated: SovLabs Template Engine
IP record user defined fields *Skip if not using the SovLabs BlueCat IPAM module
Add in any custom user fields (e.g. comments) used for BlueCat IPAM
Can be templated: SovLabs Template Engine
Credential Configuration for BlueCat Endpoint Create credential? Check the checkbox to create a new credential configuration
Leave unchecked to choose from existing credentials
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
User's password
- Create the DNS Configuration
BT Diamond IPControl DNS
Core module - DNS
View features and compatibilityPrerequisites
- User with Administrator type Master and Role superuser
- Configure Negative Cache TTL on each DNS domain zone otherwise machine provisioning will fail:
- Through the BlueCat web portal, go to Management > DNS > Domains
- Select the domain to edit
- Set the Negative Cache TTL field to
60
- BT Diamond's default SSL certificate has a weak hash algorithm that the vRO appliance rejects. Please contact SovLabs for further assistance if the native BT Diamond SSL certificate is being used.
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add BT Diamond Endpoint
- Add DNS Configuration
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add BT Diamond Endpoint
BT Diamond Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version BT Diamond version IPControl Hostname BT Diamond IPControl FQDN Port BT Diamond port number Credential Configuration for BT Diamond IPControl Endpoint Create credential? Check the checkbox to create a new credential configuration
Leave unchecked to choose from existing credentials
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
User's password
- Create the DNS Configuration
Infoblox DNS
Core module - DNS
View features and compatibilityPrerequisites
- Infoblox user on (all) Infoblox appliance(s) with the following permissions:
- API and GUI access configured
- Add/remove DNS Records
- Infoblox WAPI version must be 1.2+
*Access
https://{infoblox-fqdn}/wapidoc/
and look in the upper-left corner - Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Infoblox Endpoint
- Add DNS Configuration
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add Infoblox Endpoint
Infoblox Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Hostname Infoblox appliance's FQDN or IP address HTTPS Select whether or not the Infoblox appliance is HTTPS
Port * Normally
Infoblox appliance port443
for HTTPS and80
for HTTPWAPI Version Select
1.2
if WAPI version is less than 2.0Select
2.0
if WAPI version is 2.0 or greaterDNS view *Optional
What is the DNS view this endpoint supports?
Network view *Optional
What is the Network view this endpoint supports?
Credential Configuration for Infoblox Endpoint Create credential? Check the checkbox to create a new credential configuration
Leave unchecked to choose from existing credentials
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
User's password
Click Next
Advanced Options
Host record template *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record
Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered
Leave blank to default
A record template *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record
Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered
Leave blank to default
PTR record template *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record
Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered
Leave blank to default
Fixed address template *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record
Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered
Leave blank to default
- Create the DNS Configuration
Men & Mice DNS
Core module - DNS
View features and compatibilityPrerequisites
- Install Men & Mice Web Services to use REST API
- Men & Mice user on (all) Men & Mice with API permissions:
- API access configured
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Men and Mice Endpoint
- Add DNS Configuration
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add Men and Mice Endpoint
Men and Mice Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Men & Mice version Hostname Men and Mice FQDN HTTPS Select whether or not Men & Mice is HTTPS
Port Men and Mice port number Credential Configuration for Men and Mice Endpoint Create credential? Check the checkbox to create a new credential configuration
Leave unchecked to choose from existing credentials
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique credential name
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
User's password
IPAM Configuration Device custom properties *Skip if not using the SovLabs Men & Mice IPAM module
Add in any custom device properties (e.g. comments) used for Men & Mice IPAM
Can be templated: SovLabs Template Engine
- Create the DNS Configuration
Microsoft DNS
Core module - DNS
View features and compatibilityPrerequisites
- Define your domain controller server(s) and whether or not proxy servers will be used
- Install AD Webservices on all the domain controllers that will be used
- Ensure NTP is set up correctly
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Microsoft Endpoint
- Add IPAM Profile
- Add SovLabs vCenter Endpoint
Setup
- Login to the vRA tenant
- Perform this step only if using VMware Tools to connect to a jump server or target Microsoft DNS server
- On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
SovLabs vCenter Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Choose the appropriate vCenter version Platform Service Controller (FQDN) *Shown when 'Version' is 6+
Type in the PSC FQDNIs the PSC embedded on the vCenter server? *Shown when 'Version' is 6+
vCenter hostname (FQDN) *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x
Type in the vCenter server FQDNCredential Configuration for vCenter Endpoint Create credential? Uncheck the checkbox to choose from existing vCenter Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (user@example.com)
Password *Shown when 'Create credential' is checked
User's password
- On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
-
On the Catalog page, click on the Request button for Add Microsoft Endpoint
Microsoft Endpoint
A Windows 2012 R2 jump server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Connection method Connection method to connect to the target or proxy Microsoft server vCenter Endpoint *Shown if 'Connection method' is vmware-tools
Select a previously added SovLabs vCenter Endpoint in Step 2
VM Name as it appears in vCenter *Shown if 'Connection method' is vmware-tools
Type in the VM name of the Microsoft AD server
Is a jump server? Jump servers are limited to
SSH daemon
connection methods only or VMware ToolsChoose whether or not to utilize a jump server to make remote commands to the target AD server
Jump server *Shown if 'Is a jump server' is checked
Type in the jump server FQDN or IP Address for the target AD server
Remote server *Shown if 'Is a jump server' is checked
Type in the target AD server
Uses non-standard port? Select the checkbox if WinRM
orSSH daemon
was configured to listen on a non-standard portPort *Shown when 'Uses non-standard port' is checked
Port numberCredential Configuration for Microsoft Endpoint Create credential? Uncheck the checkbox to choose from existing Microsoft Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (user@example.com)
Password *Shown when 'Create credential' is checked
User's password
Advanced Configuration Temporary directory where scripts will be placed If not provided, will default to C:\Windows\temp
Share path for temporary directory to access Define if administrative shares are not available
Type in
path\share
instead of\\share-server\path\share
- Create the DNS Configuration
SolarWinds DNS
Core module - DNS
View features and compatibilityPrerequisites
- Must have SolarWinds 4.5.1 in order to make REST API calls
- SolarWinds user with API permissions: API access configured
- SolarWinds 4.3.x and 4.4.x will utilize the SolarWinds database
- Database credentials for the SolarWinds database with permissions to execute SET/GET queries
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add SolarWinds Endpoint
- Add IPAM Profile
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add SolarWinds Endpoint
SolarWinds IP Address Manager Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version SolarWinds version
IP Address Manager Hostname *Shown when version is 4.5.1+
SolarWinds IP Address Manager FQDNHTTPS *Shown when version is 4.5.1+
Select whether or not the SolarWinds IP Address Manager isHTTPS
Port *Shown when version is 4.5.1+
SolarWinds IP Address ManagerDatabase hostname *Shown when version is 4.3.x, 4.4.x
SolarWinds database FQDNDatabase name *Shown when version is 4.3.x, 4.4.x
The database name, defaults to SolarWindsOrionDatabase port *Shown when version is 4.3.x, 4.4.x
SolarWinds Database port numberCredential Configuration for SolarWinds IP Address Manager Create credential? Check the checkbox to create a new credential configuration
Leave unchecked to choose from existing credentials
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique credential name
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
User's password
DNS Configuration Primary DNS Server IP Address Type in the Primary DNS server IP Address
*For Microsoft DNS, any authoritative DNS server.
For BIND, the primary authoritative DNS server.
IPAM Configuration IPAM comment field *Skip if not using the SovLabs SolarWinds IPAM module
Type in an IP Address' comment when reserved
Can be templated: SovLabs Template Engine
- Create the DNS Configuration
DNS Configuration
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add DNS Configuration
DNS Configuration
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Domains Add in all domains for this DNS configuration to support.
*Must be a qualified domain (e.g.
example.com
is valid.example
without the .com, .org, .net, etc would not be valid)Networks Add in all the networks ( X.X.X.X/CIDR
) for this DNS configuration to supportDNS server type Select the desired DNS type DNS Hosts Select all desired DNS type endpoints Create A Records? Check the checkbox to create A Records Create PTR Records? Check the checkbox to create PTR Records Create Host Records? *Shown when DNS server type is 'Infoblox'
Check the checkbox to create Host Records
Use as default server? Check the checkbox to have this DNS configuration be the default if domain or network is not matched in any other DNS configuration(s)
Only recommended for simple DNS configurations
Usage
- Login to the vRA tenant
- Click on the Infrastructure tab > Reservations > Reservations
- Hover over the reservation in association with the DNS configured domain and click Edit
- Click on the Network tab
- Check the appropriate network path and select the appropriate Network Profile from the dropdown
- Click OK
The next provisioned VM will automatically attempt to register with DNS only if the VM is in the configured domain and/or network defined for the DNS Configuration
Advanced
Register with additional DNS zones for the same NIC and hostname
- Verify a DNS configuration exists for the additional DNS zones
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Custom Properties section:
- Click on the New Property button
- Type in
SovLabs_AdditionalDNSSuffixes
for the Name field - For the Value field:
- Type in a list of additional DNS zones to register the host
- Must be comma separated
- Example:
zone1.com,zone2.com
- Click on the button
- Click OK
- Repeat Step 2 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab
- In the Custom Properties section:
- Click on the New Property button
- Type in
SovLabs_DisableDNS
for the Name field - Type in
true
for the Value field - Click on the button
- Click OK
- Repeat Step 3 for all desired blueprints
IPAM
Quick Start Process
- Define Endpoint(s)
- Define IPAM Profile(s)
- Apply to existing blueprint(s)
- Provision!
BlueCat IPAM
Core module - IPAM
View features and compatibilityPrerequisites
- BlueCat user on (all) BlueCats(s) with API permissions:
- Through the BlueCat web portal, go to Administration > Users and Groups
- On the top-left of the Users pane, select New > User
- In the User creation wizard:
- Type of user: Administrator
- Access type: API
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add BlueCat Endpoint
- Add IPAM Profile
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add BlueCat Endpoint
BlueCat Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Hostname BlueCat FQDN HTTPS? Choose whether or not BlueCat is on HTTPS Port BlueCat port number Configuration name BlueCat configuration name DNS view name *Skip if not using the SovLabs BlueCat DNS module
BlueCat DNS view name
Custom User Field Configurations Host record user defined field(s) *Skip if not using the SovLabs BlueCat DNS module
Add in any custom user fields (e.g. comments) used for BlueCat DNS
Can be templated: SovLabs Template Engine
IP record user defined fields Add in any custom user fields (e.g. comments) used for BlueCat IPAM
Can be templated: SovLabs Template Engine
Credential Configuration for BlueCat Endpoint Create credential? Check the checkbox to create a new credential configuration
Leave unchecked to choose from existing credentials
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
User's password
- Create the IPAM Profile
BT Diamond IPControl IPAM
Core module - IPAM
View features and compatibilityPrerequisites
- User with Administrator type Master and Role superuser
- Configure Negative Cache TTL on each DNS domain zone otherwise machine provisioning will fail:
- Through the BlueCat web portal, go to Management > DNS > Domains
- Select the domain to edit
- Set the Negative Cache TTL field to
60
- BT Diamond's default SSL certificate has a weak hash algorithm that the vRO appliance rejects. Please contact SovLabs for further assistance if the native BT Diamond SSL certificate is being used.
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add BT Diamond Endpoint
- Add IPAM Profile
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add BT Diamond Endpoint
BT Diamond Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version BT Diamond version IPControl Hostname BT Diamond IPControl FQDN Port BT Diamond port number Credential Configuration for BT Diamond IPControl Endpoint Create credential? Check the checkbox to create a new credential configuration
Leave unchecked to choose from existing credentials
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
User's password
- Create the IPAM Profile
Infoblox IPAM
Core module - IPAM
View features and compatibilityPrerequisites
- Infoblox user on (all) Infoblox appliance(s) with the following permissions:
- API and GUI access configured
- Add/remove Host Records, A Records and/or PTR Records
- Infoblox WAPI version must be 1.2+
*Access
https://{infoblox-fqdn}/wapidoc/
and look in the upper-left corner - Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Infoblox Endpoint
- Add IPAM Profile
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add Infoblox Endpoint
Infoblox Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Hostname Infoblox appliance's FQDN or IP address HTTPS Select whether or not the Infoblox appliance is HTTPS
Port * Normally
Infoblox appliance port443
for HTTPS and80
for HTTPWAPI Version Select
1.2
if WAPI version is less than 2.0Select
2.0
if WAPI version is 2.0 or greaterDNS view *Optional
What is the DNS view this endpoint supports?
Network view *Optional
What is the Network view this endpoint supports?
Credential Configuration for Infoblox Endpoint Create credential? Check the checkbox to create a new credential configuration
Leave unchecked to choose from existing credentials
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
User's password
Click Next
Advanced Options
Host record template *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record
Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered
Leave blank to default
A record template *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record
Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered
Leave blank to default
PTR record template *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record
Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered
Leave blank to default
Fixed address template *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for the Host record
Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered
Leave blank to default
- Create the IPAM Profile
Men & Mice IPAM
Core module - IPAM
View features and compatibilityPrerequisites
- Install Men & Mice Web Services to use REST API
- Men & Mice user on (all) Men & Mice with API permissions:
- API access configured
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Men and Mice Endpoint
- Add IPAM Profile
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add Men and Mice Endpoint
Men and Mice Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Men & Mice version Hostname Men and Mice FQDN HTTPS Select whether or not Men & Mice is HTTPS
Port Men and Mice port number Credential Configuration for Men and Mice Endpoint Create credential? Check the checkbox to create a new credential configuration
Leave unchecked to choose from existing credentials
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique credential name
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
User's password
IPAM Configuration Device custom properties Add in any custom device properties (e.g. comments) used for Men & Mice IPAM
Can be templated: SovLabs Template Engine
- Create the IPAM Profile
Microsoft IPAM
Core module - IPAM
View features and compatibilityPrerequisites
- Install IPAM client on Microsoft IPAM (target or proxy) server:
- Server Manager > Manage > Add Roles and Features
- Accept defaults and click Next until the Features option
- Expand Remote Server Administration Tools > expand Feature Administration Tools
- Select IP Address Management (IPAM) Client
- Confirm and click Install
- Enable non-local administrators to run IPAM cmdlets
- Refer to the last section: Enable non-local administrators to run IPAM cmdlets via IPAM Server Cmdlets in Windows PowerShell
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Microsoft Endpoint
- Add IPAM Profile
- Add SovLabs vCenter Endpoint
Setup
- Login to the vRA tenant
- Perform this step only if using VMware Tools to connect to a jump server or target Microsoft IPAM server
- On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
SovLabs vCenter Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Choose the appropriate vCenter version Platform Service Controller (FQDN) *Shown when 'Version' is 6+
Type in the PSC FQDNIs the PSC embedded on the vCenter server? *Shown when 'Version' is 6+
vCenter hostname (FQDN) *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x
Type in the vCenter server FQDNCredential Configuration for vCenter Endpoint Create credential? Uncheck the checkbox to choose from existing vCenter Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (user@example.com)
Password *Shown when 'Create credential' is checked
User's password
- On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
-
On the Catalog page, click on the Request button for Add Microsoft Endpoint
Microsoft Endpoint
A Windows 2012 R2 jump server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Connection method Connection method to connect to the target or proxy Microsoft server vCenter Endpoint *Shown if 'Connection method' is vmware-tools
Select a previously added SovLabs vCenter Endpoint in Step 2
VM Name as it appears in vCenter *Shown if 'Connection method' is vmware-tools
Type in the VM name of the Microsoft AD server
Is a jump server? Jump servers are limited to
SSH daemon
connection methods only or VMware ToolsChoose whether or not to utilize a jump server to make remote commands to the target AD server
Jump server *Shown if 'Is a jump server' is checked
Type in the jump server FQDN or IP Address for the target AD server
Remote server *Shown if 'Is a jump server' is checked
Type in the target AD server
Uses non-standard port? Select the checkbox if WinRM
orSSH daemon
was configured to listen on a non-standard portPort *Shown when 'Uses non-standard port' is checked
Port numberCredential Configuration for Microsoft Endpoint Create credential? Uncheck the checkbox to choose from existing Microsoft Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (user@example.com)
Password *Shown when 'Create credential' is checked
User's password
Advanced Configuration Temporary directory where scripts will be placed If not provided, will default to C:\Windows\temp
Share path for temporary directory to access Define if administrative shares are not available
Type in
path\share
instead of\\share-server\path\share
- Create the IPAM Profile
SolarWinds IPAM
Core module - IPAM
View features and compatibilityPrerequisites
- Must have SolarWinds 4.5.1 in order to make REST API calls
- API access configured
- SolarWinds 4.3.x and 4.4.x will utilize the SolarWinds database
- Database credentials for the SolarWinds database with permissions to execute SET/GET queries
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add SolarWinds Endpoint
- Add IPAM Profile
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add SolarWinds Endpoint
SolarWinds IP Address Manager Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version SolarWinds version
IP Address Manager Hostname *Shown when version is 4.5.1+
SolarWinds IP Address Manager FQDNHTTPS *Shown when version is 4.5.1+
Select whether or not the SolarWinds IP Address Manager isHTTPS
Port *Shown when version is 4.5.1+
SolarWinds IP Address ManagerDatabase hostname *Shown when version is 4.3.x, 4.4.x
SolarWinds database FQDNDatabase name *Shown when version is 4.3.x, 4.4.x
The database name, defaults to SolarWindsOrionDatabase port *Shown when version is 4.3.x, 4.4.x
SolarWinds Database port numberCredential Configuration for SolarWinds IP Address Manager Create credential? Check the checkbox to create a new credential configuration
Leave unchecked to choose from existing credentials
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique credential name
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
User's password
DNS Configuration Primary DNS Server IP Address *Skip if not using the SovLabs SolarWinds DNS module
Type in the Primary DNS server IP Address
*For Microsoft DNS, any authoritative DNS server.
For BIND, the primary authoritative DNS server.
IPAM Configuration IPAM comment field Type in an IP Address' comment when reserved
Can be templated: SovLabs Template Engine
- Create the IPAM Profile
IPAM Profile
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add IPAM Profile
IPAM Profile
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Description *Optional
Description of IPAM profile
IPAM type Select the desired IPAM type Provider host *Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added an IPAM type endpoint
Select the desired IPAM type endpoint
Subnets, Gateways and Network names Subnet: X.X.X.X/CIDR
Gateway:X.X.X.X
Network Name: Corresponds to the VMware port group name in vCenter to be configured on the VM for this nic. Please refer to your vCenter configuration to identify what this value should be (vSphere Client > Networking > Portgroups).Can be templated: SovLabs Template Engine
- Type in a subnet and its gateway and network name (all comma separated) into the input field
(e.g.
10.0.0.0/24, 10.0.0.1, networkName
) - Click the green to add the entry into the array
- Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered
Excluded IPs Enter all IPs to be excluded (e.g. 10.0.0.1
)NIC number Enter in a NIC number ( 0-9
) for this IPAM profilePrimary DNS Input the Primary DNS Secondary DNS Input the Secondary DNS DNS suffix Input the DNS suffix DNS search suffix Input the DNS search suffix(es) (comma separated) Primary WINS Input the Primary WINS Secondary WINS Input the Secondary WINS - Type in a subnet and its gateway and network name (all comma separated) into the input field
Usage
- Login to the vRA tenant
- Click on the Infrastructure tab > Reservations > Network Profiles
- Hover over the network profile that best matches the network for the IPAM and click Edit
- On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
- Click OK
- Click on the Reservation menu item from Infrastructure tab > Reservations
- Hover over the reservation in association with the network profile from Step 3 and click Edit
- Click on the Network tab
- Keep one network path checked and uncheck the rest, if any
- Clear the all Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
- Click OK
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for IPAM:
Starts with
SovLabs-IPAMProfile-
and ends with-nic#
Do not attach more than 1 IPAM property group to a blueprint with the same nic number
- Repeat Step 7 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for IPAM:
Starts with
SovLabs-IPAMProfile-
and ends with-nic#
- Repeat Step 3 for all desired blueprints
vSphere DRS
Core module - vSphere
View features and compatibilityQuick Start Process
- Define vSphere vCenter Endpoint(s)
- Define DRS Profile(s)
- Apply to existing blueprint(s)
- Provision!
Prerequisites
- vSphere vCenter(s) are properly configured
- Cluster(s) and host group(s) are properly configured
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add SovLabs vCenter Endpoint
- Add DRS Profile
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add vCenter SovLabs Endpoint
SovLabs vCenter Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Choose the appropriate vCenter version Platform Service Controller (FQDN) *Shown when 'Version' is 6+
Type in the PSC FQDNIs the PSC embedded on the vCenter server? *Shown when 'Version' is 6+
vCenter hostname (FQDN) *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x
Type in the vCenter server FQDNCredential Configuration for vCenter Endpoint Create credential? Uncheck the checkbox to choose from existing vCenter Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (user@example.com)
Password *Shown when 'Create credential' is checked
User's password
-
On the Catalog page, click on the Request button for Add DRS Profile
DRS Profile
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
vCenter Endpoint Select the desired SovLabs vCenter endpoint Cluster Select from auto-generated list of vCenter clusters when the vCenter Endpoint is selected Host group Select from auto-generated list of vCenter host groups when the vCenter Endpoint is selected Rule Select the DRS rule: - Must run on host group
- Should run on host group
- Must not run on host group
- Should not run on host group
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for vSphere DRS:
Starts with
SovLabs-DRS-
Do not attach more than 1 vSphere DRS property group to a vRA blueprint
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for vSphere DRS:
Starts with
SovLabs-DRS-
- Repeat Step 3 for all desired blueprints
vSphere Snapshot Management
Core module - vSphere
View features and compatibilityQuick Start Process
- Define vSphere vCenter Endpoint(s)
- Define vRA IaaS and vRA CAFE Endpoint
- Define Notification Configuration
- Define Notification Group
- Define Snapshot Configuration
Prerequisites
- vSphere vCenter(s) are properly configured
- Cluster(s) and host group(s) are properly configured
- If utilizing an email server, gather the following details:
- IP Address/hostname of the email server
- Is the service SMTP or IMAP?
- Credential details (username/password)
- Whether SSL/TLS or STARTTLS is required to send emails through your email server
- Port # of SMTP or IMAP service on that host
Common ports: (please verify with administrator or provider)
- SMTP: 25, 465 (SSL), 587 (STARTTLS)
- IMAP: 143 or 993 (SSL)
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add SovLabs vCenter Endpoint
- Add SovLabs vRA CAFE Endpoint
- Add SovLabs vRA IaaS Endpoint
- Add Snapshot Configuration
- Add Notification Configuration
- Add Notification Group
- Manage Snapshot Scheduler
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
SovLabs vCenter Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Choose the appropriate vCenter version Platform Service Controller (FQDN) *Shown when 'Version' is 6+
Type in the PSC FQDNIs the PSC embedded on the vCenter server? *Shown when 'Version' is 6+
vCenter hostname (FQDN) *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x
Type in the vCenter server FQDNCredential Configuration for vCenter Endpoint Create credential? Uncheck the checkbox to choose from existing vCenter Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (user@example.com)
Password *Shown when 'Create credential' is checked
User's password
-
On the Catalog page, click on the Request button for Add SovLabs vRA CAFE Endpoint
SovLabs vRA CAFE Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Read-only field based on querying vRA CAFE from the vRA tenant Hostname (FQDN) Auto-generated based on querying vRA CAFE. Please verify Credential Configuration for vRA CAFE Endpoint Create credential? Uncheck the checkbox to choose from existing vRA CAFE credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (user@example.com)
Password *Shown when 'Create credential' is checked
User's password
-
On the Catalog page, click on the Request button for Add SovLabs vRA IaaS Endpoint
SovLabs vRA IaaS Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Read-only field based on querying vRA IaaS from the vRA tenant Hostname (FQDN) Auto-generated based on querying vRA IaaS. Please verify Credential Configuration for vRA IaaS Endpoint Create credential? Uncheck the checkbox to choose from existing vRA CAFE credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (username only, no domain)
Password *Shown when 'Create credential' is checked
User's password
-
On the Catalog page, click on the Request button for Add Notification Configuration
Notification Configuration
A notification configuration holds all the necessary information to send notifications
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Type Select SNAPSHOT
State Select whether or not to send notifications when a new snapshot is found NEW
,
when a snapshot is going to be deletedWARNING
,
and/or when a snapshot has been deletedDELETE
Message type Select the notification message type Format Select the desired format From address The address that will be sending the notification Can be templated: SovLabs Template Engine
Title Notification title Can be templated: SovLabs Template Engine
Body Body message - defaulted to standard templates. Please update accordingly *For a WebService, the only payload accepted is a
JSON
payloadCan be templated: SovLabs Template Engine
Message Server configuration New Message Server? Check the checkbox to create a new message server
Uncheck to choose an existing message server
Message Server *Shown when 'New Message Server' is unchecked
Select the desired message server from a list of existing message serversMessage server configuration label *Shown when 'New Message Server' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Message Server Address *Shown when 'New Message Server' is checked
Message Server address
NOTE: for a WebService, the request body is used as type
JSON
to deliver data to the web service it is connecting to.The address will not be modified by SovLabs' module to provide data via the URL. If the request is directed at a specific method for the call please include that as part of the address parameter.
*If the WebService address is:
webserver.domain.com
and the URL directive for method is:/logmessage
, the resulting Message server address should be:webserver.domain.com/logmessage
Enable SSL? *Shown when 'New Message Server' checked
Choose whether or not SSL is enabled on the message serverMessage Server port *Shown when 'New Message Server' is checked
Message Server port
Common ports: (please verify with administrator or provider)
- SMTP: 25, 465 (SSL), 587 (STARTTLS)
- IMAP: 143 or 993 (SSL)
Message Server HTTP verb *Shown when New Message Server is checked and the Message type is WebService
Select the HTTP Verb
Any HTTP verb used must be assumed to use the JSON body content to properly direct the server's behavior. The Notifications module does not modify URL with parameters.
Message Server protocol *Shown when 'New Message Server' is checked
Select the appropriate protocolEnable credential? *Shown when 'New Message Server' is checked
Select whether credentials are enabled on the message serverCreate credential? Uncheck the checkbox to choose from existing Message Server credentials
Check the checkbox to create a new credential
Credential *Shown when 'Enable credential' is checked and 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials for the Message Server
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
Username's password
Enable STARTTLS? *Shown when 'New Message Server' is checked and 'Message Type' is Email
Select whether or not to enable STARTTLS
Network timeout Defaulted to 6000 Email Group configuration *Shown when the 'Message Server Type' is Email
New Email Group? Check the checkbox to create a new email group
Uncheck to choose an existing email group
Email Group *Shown when 'New Email Group' is unchecked
Select the desired email group from a list of existing email groupsEmail Group configuration label *Shown when 'New Email Group' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
To addresses *Shown when New Email Group is checked
Enter all the email addresses to send the notifications to
Can be templated: SovLabs Template Engine
CC addresses *Shown when New Email Group is checked
Enter all the email addresses to CC the notifications to
Can be templated: SovLabs Template Engine
BCC addresses *Shown when New Email Group is checked
Enter all the email addresses to BCC the notifications to
Can be templated: SovLabs Template Engine
-
On the Catalog page, click on the Request button for: Add Notification Group Configuration
Notification Group Configuration
A Notification Group configuration holds multiple notification configurations
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label name
Type Select SNAPSHOT
Notifications Select all Snapshot notification configurations filtered this notification group -
On the Catalog page, click on the Request button for: Add Snapshot Configuration
Snapshot Configuration
A Snapshot configuration represents configurations for vSphere Snapshot Management
Field Value vCenter Endpoints defined? Read-only field, should say "Yes". SovLabs vCenter Endpoints must be defined prior to submitting this form. Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
SovLabs vRA CAFE Endpoint Select the desired SovLabs vRA CAFE endpoint. Make sure to define SovLabs vRA CAFE endpoint(s) prior to. SovLabs vRA IaaS Endpoint Select the desired SovLabs vRA IaaS endpoint. Make sure to define SovLabs vRA IaaS endpoint(s) prior to. Notification Group Select the desired Notification Group. Make sure to define Notification Group(s) with type SNAPSHOT
prior to.VMs for all vRA Business Groups? Select whether or not to manage snapshots for all vRA Business Groups defined for this vRA tenant. Filter VMs by vRA Business Group(s) *Shown when 'VMs for all vRA Business Groups?' is checked
Select all desired vRA Business Group(s) to manage snapshots for
Snapshot lifespan (days) Define a snapshot's lifespan in number of days Expiration warning notification(s) Define when to send warning notifications in number of days from expiration Snapshot lifespan (days) Define a snapshot's lifespan in number of days Click "Next"
Field Value Snapshot Scheduler All scheduling will be executed in the vRO instance timezone Read-only field that depicts vRealize Orchestrator's timezone. When defining a schedule for snapshot management, please convert your desired scheduled time(s) to be aligned with vRO's timezone. Schedule is active? Defaulted to "Yes". At a later time, can specify a specific Snapshot Configuration to be inactive by unchecking the checkbox and will not run for the specific Snapshot Configuration Schedule type Define when to run this Snapshot Configuration: Daily, Weekly, Monthly, or Run once Daily
Weekly
Monthly
Run onceDaily:
hh:mm
in military timeWeekly:
EEE hh:mm
whereEEE
is Mon, Tue, Wed, Thu, Fri, Sat, Sun andhh:mm
is in military timeMonthly:
dd hh:mm
wheredd
is the day of the month 01-31 andhh:mm
is in military timeRun once: Select a specific date and time to run. Will only run once.
Schedule end date *Optional: Select a date when to end this Snapshot Configuration scheduled task
Usage
- An inventory will run and send out notifications appropriately.
- If a snapshot's age has met the expiration day, it will automatically delete the snapshot.
- The last SovLabs Snapshot Configuration deleted will delete the vRealize Orchestrator scheduled task for Snapshot Management
- To resume previously suspended SovLabs vSphere Snapshot configurations:
- Login to the vRA tenant
- Click on the Catalog tab
- Click on Manage Snapshot Scheduler:
- Click on the desired action
Resume
- Click Submit
- Click on the desired action
Disable
- Login to the vRA tenant
- Click on the Catalog tab
- Click on Manage Snapshot Scheduler:
- Click on the desired action
Suspend
- Click Submit
- Click on the desired action
SovLabs Property Toolkit
Core module - vRA Extensions
View features and compatibilityQuick Start Process
- Define Property Set(s) on existing blueprint(s)
- Provision!
Setup
Property names and values can be templated using the SovLabs Template Engine
- Login to the vRA tenant
- Click on the Administration tab > Property Dictionary
- Click on Property Group
- Click on +New
- Name: Provide a name for the Property Group
- Properties: Click on +New to add a new property:
- Name:
- Always prefix the name with
SovLabs_CreateProperties_
(e.g. SovLabs_CreateProperties_Location) Multiple properties can be attached as long as the suffix is unique
- Always prefix the name with
- Value: Multiple properties can exist on each property and must be in one of the following 4 formats
- Single Object (JSON format)
Example
-
Format
{ "name": "foo", "value": "bar", "hidden": false, "runtime": false, "encrypted": false, "doNotUpdate": false }
-
Description
- name is the name of the Property
- value is the value of the Property
- Optional fields may be omitted:
hidden
,runtime
,encrypted
anddoNotUpdate
hidden
,runtime
,encrypted
anddoNotUpdate
all default tofalse
-
- Array
Example
-
Format
[ "foo", //name "bar", //value false, //hidden false, //runtime false, //encrypted false //doNotUpdate ]
-
Description
- name is the name of the Property
- value is the value of the Property
- Optional fields may be omitted:
hidden
,runtime
,encrypted
anddoNotUpdate
hidden
,runtime
,encrypted
anddoNotUpdate
all default tofalse
-
- Array of Single Objects (JSON format)
Example
-
Format
[ { "name": "foo", "value": "bar", "hidden": false, "runtime": false, "encrypted": false, "doNotUpdate": false }, { "name": "hello", "value": "world", "hidden": true, "runtime": false, "encrypted": true, "doNotUpdate": false } ]
-
Description
- name is the name of the Property
- value is the value of the Property
- Optional fields may be omitted:
hidden
,runtime
,encrypted
anddoNotUpdate
hidden
,runtime
,encrypted
anddoNotUpdate
all default tofalse
-
- Array of an Array
Example
-
Format
[ [ "foo", //name "bar", //value false, //hidden false, //runtime false, //encrypted false //doNotUpdate ], [ "hello", //name "world", //value true, //hidden false, //runtime false, //encrypted true //doNotUpdate ] ]
-
Description
- name is the name of the Property
- value is the value of the Property
- Optional fields may be omitted:
hidden
,runtime
,encrypted
anddoNotUpdate
hidden
,runtime
,encrypted
anddoNotUpdate
all default tofalse
-
- Single Object (JSON format)
- Name:
- Encrypted: Select whether or not the property should be encrypted
- Show in Request: Select whether or not the Property Group should be shown in the blueprint request
- Save
Usage
Apply to vRA Blueprints
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for SovLabs Property Toolkit that was created
- Repeat Step 3 for all desired blueprints
Managing vRA Properties on multiple VMs
- Login to the vRA tenant
- On the Catalog page, click on the Request button for Manage Properties
SovLabs Property Toolkit - Manage Properties
Field Value Hostname filter *Regex and wildcards are not supported
Type in a part of the hostname to filter out VMs by hostname
Property filter *Regex and wildcards are not supported
Type in a VM property name and value to filter out VMs by custom properties
Business Group filter *Regex and wildcards are not supported
Type in the vRA Business Group name to filter out VMs by vRA Business Group(s)Selected VMs Select and move VMs to the right to affect properties on those VMs Action Select whether to Create, Update or Delete property on the selected VMs Property Name Type in the Property name to create, update or delete
Property Value *Not shown for Create New Property action
Type in the (new) Property value
Hidden *Not shown for Create New Property action
Select whether or not to hide the property.
Encrypted *Not shown for Create New Property action
Select whether or not to encrypt the property
Show in Request *Not shown for Create New Property action
Select whether or not to show the property in the request
Confirm action *Not shown for Create New Property action
Type in the Action field text to confirm
End-user Managing vRA Properties for VMs
- Login to the vRA tenant
- Click on the Items tab and select Machines
- Select the desired VM and click on Actions on the top column of the VM list
- Select Manage Properties (SovLabs Property Toolkit)
Manage Properties (SovLabs Property Toolkit)
Field Value Action Select whether to Create, Update or Delete property on the selected VMs Property Picker Select the VM Property to manage Property Name Type in the Property name to create, update or delete
Property Value *Not shown for Create New Property action
Type in the (new) Property value
Hidden *Not shown for Create New Property action
Select whether or not to hide the property.
Encrypted *Not shown for Create New Property action
Select whether or not to encrypt the property
Show in Request *Not shown for Create New Property action
Select whether or not to show the property in the request
Lifecycle
Properties are created during the following stages of the VM lifecycle via vRealize Automation Event Broker Subscriptions:
- Machine Requested
- Machine Provisioned
Disable
Removing from vRA Blueprints
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
- In the Property Groups section, remove the vRA property group for SovLabs Property Toolkit that was created
- Repeat Step 3 for all desired blueprints
Preventing Manage Properties on VM(s)
- Once the process to create/update/delete a property on VM(s) has started, it cannot be stopped.
- To prevent the requester from Managing Properties on VM(s), remove the entitlement
SovLabs VM Tagging
Core module - vRA Extensions
View features and compatibilityQuick Start Process
- Define VM tag properties on existing blueprint(s)
- Provision!
Setup
The SovLabs VM Tagging module is solely driven through vRA custom properties.
Property names and values can be templated using the SovLabs Template Engine
- Login to the vRA tenant
- Click on the Administration tab > Property Dictionary
- Click on Property Group
- Click on +New
- Name: Provide a name for the Property Group
- Properties: Click on +New to add a new property:
- Name:
- Always prefix the name with
SovLabs_CreateTags_VMW_
(e.g. SovLabs_CreateTags_VMW_Location) Multiple properties can be attached as long as the suffix is unique
- Always prefix the name with
- Value: Multiple properties can exist on each property and must be in one of the following 4 formats
- Single Object (JSON format)
Example
-
Format
{ "name": "foo", "category": "bar", "cardinalitySingle": false, "tagDescription": "desc", "categoryDescription": "desc 2" }
-
Description
- name is the name of the Tag
- value is the name of the Tag Category
- Optional fields may be omitted:
cardinalitySingle
,tagDescription
andcategoryDescription
-
- Array
Example
-
Format
[ "foo", //name "bar", //category false, //cardinalitySingle "desc", //tagDescription "desc 2", //categoryDescription ]
-
Description
- name is the name of the Tag
- value is the name of the Tag Category
- Optional fields may be omitted:
cardinalitySingle
,tagDescription
andcategoryDescription
-
- Array of Single Objects (JSON format)
Example
-
Format
[ { "name": "foo", "category": "bar", "cardinalitySingle": false, "tagDescription": "desc", "categoryDescription": "desc 2" }, { "name": "hello", "category": "world", "cardinalitySingle": true, "tagDescription": "desc 3", "categoryDescription": "desc 4" } ]
-
Description
- name is the name of the Tag
- value is the name of the Tag Category
- Optional fields may be omitted:
cardinalitySingle
,tagDescription
andcategoryDescription
-
- Array of an Array
Example
-
Format
[ [ "foo", //name "bar", //category false, //cardinalitySingle "desc", //tagDescription "desc 2", //categoryDescription ], [ "hello", //name "world", //category false, //cardinalitySingle "desc 3", //tagDescription "desc 4", //categoryDescription ] ]
-
Description
- name is the name of the Tag
- value is the name of the Tag Category
- Optional fields may be omitted:
cardinalitySingle
,tagDescription
andcategoryDescription
-
- Single Object (JSON format)
- Name:
- Encrypted: Select whether or not the property should be encrypted
- Show in Request: Select whether or not the Property Group should be shown in the blueprint request
- Save
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for SovLabs VM Tagging that was created
- Repeat Step 3 for all desired blueprints
Lifecycle
Provisioning
- When a tagged VM is provisioned, the VM’s relationship to the Tag is created
- If the Tag Category does not exist, it will be created in vCenter
- If the Tag does not exist, it will be created in vCenter
*If the property name or value resolves to an empty string it will be skipped.
De-provisioning
- When a tagged VM is destroyed, the VM’s relationship to the Tag is also removed
- Tags are not removed from vCenter upon VM removal
- Categories are not removed from vCenter upon VM removal
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
- In the Property Groups section, remove the vRA property group for SovLabs VM Tagging that was created
- Repeat Step 3 for all desired blueprints
Ansible Tower
Advanced Module - Configuration Management
View features and compatibilityQuick Start Process
- Define Ansible Tower Endpoint(s)
- Define Ansible Tower Profile(s)
- Define Ansible Tower Inventory Profile(s)
- Apply to existing blueprint(s)
- Provision!
Prerequisites
- Ansible Tower is properly configured
- An account with permissions to desired Ansible Tower(s)
- Dynamic Inventory script
vra.py
is installed - Dynamic Inventory configuration
vra.yaml
is installed - Configure Inventory on the Ansible Tower server:
- Download the generate_ansInv.sh script
Must have an account and login to download
- Run the script as
root
on the Ansible Tower server
- Download the generate_ansInv.sh script
- Set up Organizations, Teams, Projects, Job Templates, Machine Credentials, and Inventories in Ansible Tower
- Set up any Playbooks to be exercised from Ansible Tower
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Ansible Tower Endpoint
- Add Ansible Tower Profile
- Add Ansible Tower Inventory Profile
- Manage Credentials
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add Ansible Tower Endpoint
Add an Ansible Tower Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Hostname Ansible Tower hostname Credential Configuration for Ansible Tower Endpoint Create credential? Check the checkbox to create a new credential configuration
Leave unchecked to choose from existing credentials
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique credential label
Username *Shown when 'Create credential' is unchecked
Account username that has access/rights to Ansible Tower
Password Shown when 'Create credential' is unchecked
User's password
Organization Organization Select the appropriate Ansible Tower organization from an existing list of organizations
The drop-down menu values will auto-generated once a credential has been selected or a valid username/password is entered
-
On the Catalog page, click on the Request button for Add Ansible Tower Profile
Add Ansible Tower Profile
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Ansible Tower Endpoint Select an Ansible Tower Endpoint that was previously added Filter Projects by Team *Auto-generated list of Teams based on the Ansible Tower Endpoint selected
Select the desired Team, if anyFilter Job Templates by Project *Auto-generated list of Projects based on the Ansible Tower Endpoint selected
Select the desired Project, if anyGet Job Templates from list? Uncheck to manually enter a Job Template name
Check the checkbox to select from an existing list
Job Templates If unchecked for 'Get Job Templates from list?', manually enter a Job Template name.
If checked for 'Get Job Templates from list?', select an existing Job Template
Get Deprovision Job Templates from list? Uncheck to manually enter a deprovision Job Template name
Check to select from an existing list of deprovision Job Templates
Deprovision Job Templates If unchecked for 'Get Deprovision Job Templates from list?', manually enter a deprovision Job Template name
If checked 'Get Deprovision Job Templates from list?', select an existing deprovision Job Template
Advanced Machine credential *Auto-generated list of machine credentials based on the Ansible Tower Endpoint selected
Select the desired machine credential, if anyInventory *Auto-generated list of Inventory based on the Ansible Tower Endpoint selected
Select the desired Inventory, if anyExtra vars Define a string that represents a
JSON
orYAML
formatted dictionary (with escaped parentheses) which includes variables given by the user, including answers to survey questions -
On the Catalog page, click on the Request button for Add Ansible Tower Inventory Profile
Ansible Tower Inventory Profile
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Ansible Tower Endpoint Select an Ansible Tower Endpoint vRA IaaS URL *Auto-generated vRA IaaS URL, must match a configured IaaS URL in vRO
Verify vRA IaaS URLFilters vRA Business Group(s) *Auto-generated list of vRA Business Groups, if any
Select the desired vRA Business Group(s). Leave blank to select allProperty Filters Specify the properties (key, value) to filter on. May have zero or more property filters Dynamic Groups Group separator Define how VMs will be grouped via one or more string characters. Used in the groups definitions below to separate groups name Groups Groups are defined as templates that will be resolved with vmProperties. If one property does not resolve, that group will be omitted. List groups, separated by the character defined in Group separator above Paging Result page size Specify the maximum number of VMs to return at one time, will make multiple calls to get the entire inventory. Leave blank to get all VMs in a page result.
Inventory Configuration
- Remote login to the Ansible Tower instance
- Create a directory for the Ansible Tower Inventory Profile config file
vra.yaml
- Download
vra.py
andvra.yaml
from Github into this new directory - Edit
vra.yaml
- Verify all configuration values are correct and appertain to the Ansible Tower setup
- Verify
atow_inv_profile_name
is the value of the “Configuration label” from the Ansible Tower Inventory Profile - Save & close
- Login to Ansible Tower web application
- Assuming the Prerequisites section in the beginning of the Ansible Tower section has been completed, add the Dynamic Inventory script
vra.py
to a new Inventory Script- Click the Settings button in the top menu and select INVENTORY SCRIPTS
- Click on +Add or an existing Inventory Script hyperlink
- Copy & paste the contents of
vra.py
into the * CUSTOM SCRIPT field, and provide a value for NAME
- Now the Inventory Script will be associated with an Inventory
- Click on INVENTORIES in the main menu
- Click on +Add or an existing Inventory
- Fill in the Name and Description fields and click Save
- On the next screen, click on +ADD GROUP
- Provide a NAME and click on SOURCE, selecting Custom Script from the drop down. This will cause the *CUSTOM INVENTORY SCRIPT field to appear
- Click the spyglass in *CUSTOM INVENTORY SCRIPT and select the name of the INVENTORY SCRIPT item created in Step 6.2
- In the ENVIRONMENT VARIABLES text area, enter the following text, substituting the directory path created in Step 2
VRA_YAML: /{directory path}/vra.yaml
- Select the 3 update options of Overwrite, Overwrite Variables, and Update on Launch
- Click Save
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for Ansible Tower:
Starts with
SovLabs-AnsibleTowerProfile-
Do not attach more than 1 Ansible Tower property group to a vRA blueprint
- Repeat Step 3 for all desired blueprints
- Provision
Disable Ansible Tower Inventory
- Login to the Ansible Tower web application
- Follow Steps 7 and for 7.3, click on SOURCE > Choose a source
- Click Save
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Ansible Tower:
Starts with
SovLabs-AnsibleTowerProfile-
- Repeat Step 3 for all desired blueprints
Cohesity Backup as a Service
Advanced Module - Backup as a Service Management
View features and compatibilityQuick Start Process
- Define Cohesity Cluster Endpoint(s)
- Configure Cohesity Backup Profile
- Define Notification Configuration for Cohesity
- Apply Backup Profile to existing blueprint(s)
- Provision and recover VMs!
Prerequisites
- Cohesity Cluster is properly configured
- All Linux VMs protected by Cohesity must have the following installed:
rsync
nfs-utils
nfs-utils-lib
lsof
- Service account with Administrative privileges on the Cohesity Cluster(s)
- Email notification:
- User account with permissions to the email servers desired
- If utilizing an email server, gather the following details:
- IP Address/hostname of the email server
- Is the service SMTP or IMAP?
- Credential details (username/password)
- Whether SSL/TLS or STARTTLS is required to send emails through your email server
- Port # of SMTP or IMAP service on that host
Common ports: (please verify with administrator or provider)
- SMTP: 25, 465 (SSL), 587 (STARTTLS)
- IMAP: 143 or 993 (SSL)
- Existing Protection Job(s) on the Cohesity Cluster(s)
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Cohesity Cluster Endpoint
- Add Cohesity Backup Profile
- Add Notification Configuration
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add Cohesity Cluster Endpoint
Cohesity Cluster Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Select the Cohesity Cluster version Hostname Cohesity Cluster hostname (FQDN or IP address) HTTPS? Choose whether or not the Cohesity Cluster is HTTPS Port Cohesity Cluster port number Credential Configuration for Cohesity Cluster Endpoint Create credential? Uncheck the checkbox to choose from existing Cohesity Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (no domain)
Password *Shown when 'Create credential' is checked
User's password
-
On the Catalog page, click on the Request button for Add Cohesity Backup Profile
Cohesity Backup Profile
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Cohesity Cluster Endpoint Select the desired Cohesity Cluster Endpoint Protection Jobs *Auto-generated list based on Cohesity Cluster Endpoint selected
Select a Protection Job from the left column and click on the right arrow to move it to the right column.
Repeat for all desired Protection Jobs
-
On the Catalog page, click on the Request button for Add Notification Configuration
Notification Configuration
A notification configuration holds all the necessary information to send notifications
Field Value Type Select Backup as a Service - Cohesity Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
*Please keep as auto-generated label
State *Please keep both SUCCESS and ERROR checked
Message type *Please keep as Email
Format Select the desired format From address Type the email address that will be sending the notification Can be templated: SovLabs Template Engine
Title *Auto-generated Notification title
Can be templated: SovLabs Template Engine
Body Body message - defaulted to standard templates. Please update accordingly Can be templated: SovLabs Template Engine
Message Server configuration New Message Server? Check the checkbox to create a new message server
Uncheck to choose an existing message server
Message Server *Shown when 'New Message Server' is unchecked
Select the desired message server from a list of existing message serversMessage server configuration label *Shown when 'New Message Server' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Message Server Address *Shown when 'New Message Server' is checked
Message Server address (SMTP or IMAP host)
Enable SSL? *Shown when 'New Message Server' checked
Choose whether or not SSL is enabled on the message serverMessage Server port *Shown when 'New Message Server' is checked
Message Server port
Common ports: (please verify with administrator or provider)
- SMTP: 25, 465 (SSL), 587 (STARTTLS)
- IMAP: 143 or 993 (SSL)
Message Server protocol *Shown when 'New Message Server' is checked
Select the appropriate protocolEnable credential? *Shown when 'New Message Server' is checked
Select whether credentials are enabled on the message serverCreate credential? Uncheck the checkbox to choose from existing Message Server credentials
Check the checkbox to create a new credential
Credential *Shown when 'Enable credential' is checked and 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials for the Message Server
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
Username's password
Enable STARTTLS? *Shown when 'New Message Server' is checked and 'Message Type' is Email
Select whether or not to enable STARTTLS
Network timeout Defaulted to 6000 Email Group configuration New Email Group? Check the checkbox to create a new email group
Email Group configuration label *Please keep as auto-generated label
To addresses *Please keep auto-generated value
Enter all additional email addresses to send the notifications to
Can be templated: SovLabs Template Engine
CC addresses Enter all the email addresses to CC the notifications to
Can be templated: SovLabs Template Engine
BCC addresses Enter all the email addresses to BCC the notifications to
Can be templated: SovLabs Template Engine
Only add 1 Notification Configuration for Cohesity
No further action is necessary to set up SovLabs Notifications for Cohesity Backup as a Service module. The Notification Configuration for Cohesity may be updated any time
- Do not add a Notification Group. A notification group for Cohesity Notification Configuration gets auto-generated. The Cohesity Notification Group is not visible in vRA and gets deleted when the Notification Configuration for Cohesity is deleted
Usage
Apply to vRA blueprint(s)
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for Cohesity Backup as a Service:
Starts with
SovLabs-Cohesity-
Do not attach more than 1 Cohesity Backup as a Service property group to a vRA blueprint
- Repeat Step 3 for all desired blueprints
- Provision
End-user Usage
Provide a guide on how to perform Day 2 operations to end-users
Download User Guide
Enable End-user to Select a Protection Job at Request Time
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for Cohesity Backup as a Service:
SovLabs-CohesityChooseProtectionJob
- Repeat Step 3 for all desired blueprints
- Provision
Enable End-user to Recover Files and Folders
Allow the end-user to see the Recover Files and Folders (Cohesity) action on a VM:
- Add the action to the entitlement
- Search text to type in the Name field is: Cohesity
- Action to add is:
Recover Files and Folders (Cohesity)
Enable End-user to Change Protection Job
Allow the end-user to see the Change Protection Job (Cohesity) action on a VM:
- Add the action to the entitlement
- Search text to type in the Name field is: Cohesity
- Action to add is:
Change Protection Type (Cohesity)
Disable
Remove from vRA blueprint(s)
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Click the desired blueprint name to edit
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Cohesity Backup up as a Service:
Starts with SovLabs-Cohesity-
- Repeat Step 3 for all desired blueprints
End-userSelect a Protection Job at Request Time
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Click the desired blueprint name to edit
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Cohesity Backup up as a Service: SovLabs-ChooseCohesityProtectionJob
- Repeat Step 3 for all desired blueprints
End-userFile and Folder Recovery
Provide a guide on how to perform Day 2 operations to end-users
Download User Guide- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for Cohesity Backup as a Service:
SovLabs-CohesityChooseProtectionJob
- Search text to type in the Name field is: Cohesity
- Action to add is:
Recover Files and Folders (Cohesity)
- Search text to type in the Name field is: Cohesity
- Action to add is:
Change Protection Type (Cohesity)
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Cohesity Backup up as a Service:
Starts with
SovLabs-Cohesity-
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Cohesity Backup up as a Service:
SovLabs-ChooseCohesityProtectionJob
Once the process to restore a VM's files and folders has started, it cannot be stopped
Prevent the end-user from seeing the Recover Files and Folders (Cohesity) action on a VM:- Remove the action from the entitlement
- Action to remove is:
Recover Files and Folders (Cohesity)
- Action to remove is:
End-userChange Protection Job
Once the process to change a VM's Cohesity Protection Job has started, it cannot be stopped
Prevent the end-user from seeing the Change Protection Job (Cohesity) action on a VM:- Remove the action from the entitlement
- Action to remove is:
Change Protection Job (Cohesity)
- Action to remove is:
F5
Advanced Module - Network Load Balancing
View features and compatibilityQuick Start Process
- Define F5 BIG-IP Endpoint(s)
- Drag, drop and modify the F5 Virtual component and link it to dependent machine component in the blueprint canvas
- Provision!
Prerequisites
- A user account configured in F5 BIG-IP® that has Administrator role/access:
- Add/Remove F5 BIG-IP Virtual Servers
- Add/Remove F5 BIG-IP Pools
- Add/Remove F5 BIG-IP Nodes and Pool node members
- Optional: Add F5 BIG-IP Virtual Server iRules, Add F5 BIG-IP Server/Client SSL Profiles, Add F5 BIG-IP Pool Health Monitors
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add F5 Endpoint
- F5 Virtual
- Manage Restipe Configurations
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add F5 Endpoint
F5 Endpoint
A F5 BIG-IP Endpoint is the F5 instance where F5 BIG-IP VIPs can be created/removed via the F5 BIG-IP API
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Hostname F5 BIG-IP hostname (FQDN or IP address) HTTPS? Choose whether or not the F5 BIG-IP is HTTPS Port F5 BIG-IP port number Credential Configuration for F5 Endpoint Create credential? Uncheck the checkbox to choose from existing F5 Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (no domain)
Password *Shown when 'Create credential' is checked
User's password
-
On the Catalog page, click on the Request button for Manage Restipe Configuration
Manage Restipe Configuration
SovLabs RESTipe™, an “infrastructure as code” approach for defining the steps used to create, reuse, remove and scale F5 BIG-IP structures, such as VIPs, Pools, and Nodes/Members.
The SovLabs F5 module comes packaged with a functional RESTipe with the most common steps and structures. The SovLabs RESTipe is a single
JSON
orYAML
formatted script, based on the SovLabs Template Engine. For even more flexibility, use the SovLabs RESTipe™ Guide to create custom RESTipe. No need for custom vRO workflows to integrate custom vRA properties or interact with other REST-based endpoints.Field Value Action Select whether to Create, Update or Delete Filter by type *Shown when Action is 'Update' or 'Delete'
Select the type to filter SovLabs RESTipe byRESTipe Drop-down menu *Shown when Action is 'Update' or 'Delete'
Select the RESTipe to update or delete from the drop-down menuType Select the type of SovLabs RESTipe Configuration label *Shown when Action is 'Create'
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Upon licensing SovLabs F5 module, a default SovLabs RESTipe has been added:
F5Config-internal
RESTipe Textarea
JSON
orYAML
format
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Create a new blueprint or select an existing blueprint name and click Edit
- Under Categories (on left pane), click on Other Components
- Drag and drop Create F5 VIP - SovLabs Modules onto the Design Canvas
- Tie the Create F5 VIP canvas item to the vSphere Machine canvas item by dragging the arrow FROM Create F5 VIP TO the vSphere Machine View screenshot
- Click on the Create_F5_VIP.. canvas item and a window pane will appear on the bottom
- Modify fields as desired by setting the default values for fields and other advanced settings and clicking on Apply for each field
By setting default fields or having advanced settings on the fields, what a requester sees and can select is controlled upon request time of the vRA blueprint - To add additional node level settings during request time:
- Click on the blueprint vSphere machine on the Design Canvas
- Click on the Properties tab and click the + Add button
- In the Property Groups section:
- Check the
SovLabs-F5NodeConfigurations
property group
- Check the
- Click OK
- Once the blueprint is set up as desired, click on Finish
- If the blueprint saved above is a new blueprint:
- Select the blueprint from the list in Design > Blueprints
- Click on Publish
- Click on Administrators tab > Catalog Management > Catalog items
- Find and select the newly created blueprint from the list and click Configure
- Find the Service field and select the appropriate Service for the blueprint from the drop-down list
- Click OK
- If the Create F5 VIP – SovLabs Modules XaaS blueprint needs to be modified:
- Click on Design tab > XaaS > XaaS Blueprints
- Find and select Create F5 VIP – SovLabs Modules and click Copy
- Select Create F5 VIP – SovLabs Modules (2) that was newly created and click Edit
- Rename the XaaS blueprint as desired in the Name field (in General tab)
- Select the Blueprint form tab and modify the XaaS blueprint and click Finish
- Select the XaaS blueprint from the list and click Publish
- Click on Administrators tab > Catalog Management > Catalog Items
- Find and select the newly created XaaS blueprint from the list and click Configure
- Find the Service field. Select the appropriate Service for the blueprint from the drop-down list and click OK
- Modify or create a SovLabs RESTipe to include the new field(s)
- Repeat Step 3 under Usage for vRA Administrators/Architects
End-user Usage
Create a VIP and/or Pool and have provisioned VMs added in as node members
- Login to the vRA tenant
- Click on the Catalog tab
- Request the F5 BIG-IP enabled blueprint
Add a new node member to an existing vRA Deployment
- Login to the vRA tenant
- Click on the Items tab
- Click on the Deployments menu option from the left menu
- Click on the desired deployment and click Scale Out
Remove a node member from an existing vRA Deployment
- Login to the vRA tenant
- Click on the Items tab
- Click on the Deployments menu option from the left menu
- Click on the desired deployment and click Scale In
Destroying a deployment
- Login to the vRA tenant
- Click on the Items tab
- Click on the Deployments menu option from the left menu
- Click on the desired deployment and click Destroy
Destroying a deployment will remove all node members from the Pool. If the Pool has no members, the Pool will be removed. If the VIP has no Pool and no node members, the VIP will be removed.
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Click the desired blueprint name to edit
- Delete the F5 Virtual composite from the blueprint
- Optionally, remove the
SovLabs-F5NodeConfigurations
vRA Property Group from the vSphere Machine composite - Repeat Steps 1-4 for all desired blueprints
Puppet Enterprise
Advanced Module - Configuration Management
View features and compatibilityQuick Start Process
- Define Puppet Master(s)
- Define Puppet Agent(s)
- Apply to existing blueprint(s)
- Provision!
Prerequisites
- Create Puppet Certificate and Update Puppet Console configuration
Create the certificate on the Puppet CA that will be used for communication with the Puppet Console API and the Puppet CA API. This is the certificate that will be configured in your Puppet Master module for certificate credential from the CMP to the Puppet console. In order for the Puppet console API to accept the certificate, the configurations below need to be made.
Perform the following for each Puppet CA utilized
*In the following instructions, replace
CERTNAME
with the name to identify the automation account with, we recommendvrosvc
- Login to the Puppet CA
- Type in
su -
- Create a certificate key and replace
CERTNAME
accordingly:puppet cert generate CERTNAME
- Modify the
certificate_authority.pp
:- Type in
vi /opt/puppetlabs/puppet/modules/puppet_enterprise/manifests/profile/certificate_authority.pp
- Find the following in the file and replace
CERTNAME
accordingly. If the following section does not already exist, copy and paste into the header of the file:class puppet_enterprise::profile::certificate_authority ( Array[String] $client_whitelist = [ CERTNAME ] )
- Save the file: Hit the
esc
key and then type in:wq!
- Type in
- Modify
auth.conf
:- Type the following:
vi /etc/puppetlabs/puppetserver/conf.d/auth.conf
- Find and replace
CERTNAME
in the file accordingly. If the following section does not already exist, copy and paste into the header of the file:{ "allow" : [ "pe-internal-dashboard", CERTNAME ], "match-request" : { "method" : [ "get", "put", "delete" ], "path" : "/puppet-ca/v1/certificate_status", "query-params" : {}, "type" : "path" }, "name" : "puppetlabs certificate status", "sort-order" : 500 }
- Save the file: Hit the
esc
key and then type in:wq!
- Type the following:
- Modify the
rbac-certificate-whitelist
:- Type the following:
vi /etc/puppetlabs/console-services/rbac-certificate-whitelist
- Add the
CERTNAME
to the end of the file, whereCERTNAME
is the name identified in Step 3 (e.g.vrosvc
) to the end of the file - Save the file: Hit the
esc
key and then type in:wq!
- Type the following:
- Restart necessary services
sudo service pe-console-services restart
- Setup or have a user for the Puppet Master, Puppet CA and Puppet database with either of the following:
root
with SSH keysroot
with password- Service account with
sudo
permissions
- Collect the appropriate keys from the Puppet Master:
Type Location CA Certificate /etc/puppetlabs/puppet/ssl/ca/ca_crt
Service Account Certificate /etc/puppetlabs/puppet/ssl/certs/CERTNAME
Service Account Private Key /etc/puppetlabs/puppet/ssl/private_keys/CERTNAME
*Replace
CERTNAME
accordingly (e.g.vrosvc
) - If any Puppet Agents are Windows OS:
- Set up WinRM on a vRA blueprint
- Ensure NTP is set up correctly
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Puppet Master Configuration
- Add Puppet Agent Configuration
- Add SovLabs vCenter Endpoint
Setup
- Login to the vRA tenant
- Perform this step only if using VMware Tools to connect a Puppet server (e.g Puppet Master, Console, Compile Master(s), Database, Hiera)
- On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
SovLabs vCenter Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Choose the appropriate vCenter version Platform Service Controller (FQDN) *Shown when 'Version' is 6+
Type in the PSC FQDNIs the PSC embedded on the vCenter server? *Shown when 'Version' is 6+
vCenter hostname (FQDN) *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x
Type in the vCenter server FQDNCredential Configuration for vCenter Endpoint Create credential? Uncheck the checkbox to choose from existing vCenter Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (user@example.com)
Password *Shown when 'Create credential' is checked
User's password
- On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
Determine if the Puppet Master server (and if defined separately, the Console/Database/Compile Masters/Hiera servers) will be using the same credentials to log in. If so, perform this step:
On the Catalog page, click on the Request button for Manage Credential Configuration
- Action: Create
- Type: Puppet
- Subtype: Only the Hiera server (if defined separately) can be Windows
- Connection method: Select the desired connection method
-
On the Catalog page, click on the Request button for Add Puppet Master Configuration
Puppet Master Configuration
A Puppet Master Configuration is a target Puppet Master
General Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Puppet Master version Select the Puppet Master version Puppet Master Connection Configuration Puppet Master OS family Currently, only allows for unix
Puppet pe-puppetserver port Port pe-puppetserver listens on, defaults to 8140
Puppet Master connection method Select the connection method to connect to the Puppet Master server Puppet Master hostname Hostname of Puppet Master server (FQDN) Puppet Master vCenter Endpoint *Shown when 'Puppet Master connection method' is
vmware-tools
Select an existing SovLabs vCenter Endpoint where the Puppet Master VM resides in (Step 2)
Puppet Master VM name as it appears in vCenter *Shown when 'Puppet Master connection method' is
vmware-tools
Type in the VM name of the Puppet Master server as it appears in vCenter
Directory for temporary Puppet Master scripts Directory to put temporary scripts on the Puppet Master Create credential? Uncheck the checkbox to choose from existing Puppet credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
SSH Key used? *Shown when 'Create credential' is checked and 'Connection method' is
SSH
Check whether or not an SSH key is used
Username *Shown when 'Create credential' is checked
Username for Puppet Master server
Password *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked
User's password
SSH Key *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key
SSH Key Password *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key password, if any
Console Configuration Console OS family Currently, only allows for unix
Console port Port the Puppet Console listens on, defaults to 4433
Console connection method Select the connection method to connect to the Puppet Console server Console hostname Puppet Console server in FQDN format Console vCenter Endpoint *Shown when 'Console connection method' is
vmware-tools
Select an existing SovLabs vCenter Endpoint where the Console VM resides in (Step 2)
Console VM name as it appears in vCenter *Shown when 'Console connection method' is
vmware-tools
Type in the VM name of the Puppet Console server as it appears in vCenter
Directory for temporary Console scripts Directory to put temporary scripts on the Console Console create credential? Uncheck the checkbox to choose from existing Puppet credentials
Check the checkbox to create a new credential
Console credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Console credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Console SSH Key used? *Shown when 'Create credential' is checked and 'Connection method' is
SSH
Check whether or not an SSH key is used
Console Username *Shown when 'Create credential' is checked
Username for Puppet Console server
Console Password *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked
User's password
Console SSH Key *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key
Console SSH Key Password *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key password, if any
Compile Masters Use separate Compile Masters? Check the checkbox to define Compile Masters Compile Masters OS family *Shown when 'Use separate Compile Masters' is checked
Currently, only allows forunix
Compile Masters connection method *Shown when 'Use separate Compile Masters' is checked
Select the connection method to connect to the Compile MastersCompile Masters hostnames *Shown when 'Use separate Compile Masters' is checked and 'Compile Masters connection method' is
Enter the Compile Master(s) in FQDN formatSSH
Compile Masters vCenter Endpoint *Shown when 'Use separate Compile Masters' is checked and 'Compile Masters connection method' is
vmware-tools
Select an existing SovLabs vCenter Endpoint where the Compile Master VMs reside in (Step 2)
Compile Masters VM names as they appear in vCenter *Shown when 'Use separate Compile Masters' is checked and 'Compile Masters connection method' is
vmware-tools
Type in the VM names of the Puppet Compile Master servers as they appear in vCenter
Directory for temporary Compile Masters scripts *Shown when 'Use separate Compile Masters' is checked
Directory to put temporary scripts on the Compile MastersCompile Masters create credential? Uncheck the checkbox to choose from existing Puppet credentials
Check the checkbox to create a new credential
Compile Masters Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Compile Masters credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Compile Masters SSH Key used? *Shown when 'Create credential' is checked and 'Connection method' is
SSH
Check whether or not an SSH key is used
Compile Masters Username *Shown when 'Create credential' is checked
Username for Compile Masters
Compile Masters Password *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked
User's password
Compile Masters SSH Key *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key
Compile Masters SSH Key Password *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key password, if any
Database Configuration Use separate database? Check the checkbox to define database Database OS family *Shown when 'Use separate database' is checked
Currently, only allows forunix
Database connection method *Shown when 'Use separate database' is checked
Select the connection method to connect to the Puppet Database serverDatabase hostname *Shown when 'Use separate database' is checked and 'Database connection method' is
Database hostname in FQDN formatSSH
Database vCenter Endpoint *Shown when 'Database connection method' is
vmware-tools
Select an existing SovLabs vCenter Endpoint where the Puppet Database VM resides in (Step 2)
Database VM name as it appears in vCenter *Shown when 'Database connection method' is
vmware-tools
Type in the VM name of the Puppet Database server as it appears in vCenter
Directory for temporary Database scripts *Shown when 'Use separate database' is checked
Directory to put temporary scripts on the databaseDatabase create credential? Uncheck the checkbox to choose from existing Puppet credentials
Check the checkbox to create a new credential
Database credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Database credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Database SSH Key used? *Shown when 'Create credential' is checked and 'Connection method' is
SSH
Check whether or not an SSH key is used
Database Username *Shown when 'Create credential' is checked
Username for Puppet Database server
Database Password *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked
User's password
Database SSH Key *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key
Database SSH Key Password *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key password, if any
Group Configuration Parent Group Any existing group in the Puppet console that will be the parent for all newly created node groups to be created under Can be templated: SovLabs Template Engine
Parent Group Environment The parent group environment Can be templated: SovLabs Template Engine
Group name template Template for the group name Can be templated: SovLabs Template Engine
Certificate PEM files API Certificate Puppet API Certificate PEM file
*Normally found on the Puppet Master and is the Service Account Certificate (Prerequisites Step 3):
/etc/puppetlabs/puppet/ssl/certs/CERTNAME
API RSA Private Key Puppet API RSA Private Key PEM file
*Normally found on the Puppet Master and is the Service Account Private Key (Prerequisites Step 3):
/etc/puppetlabs/puppet/ssl/private_keys/CERTNAME
API CA Certificate CA Certification
*Normally found on the Puppet Master and is the CA Certificate (Prerequisites Step 3):
/etc/puppetlabs/puppet/ssl/ca/ca_crt
Certificate Authority Is auto-sign enabled in Puppet? Is autosign enabled in Puppet? If checked yes, skips signing the certificate Certificate Authority hostname Puppet Certificate Authority Hostname (FQDN) Certificate Authority port Port the Puppet Certificate Authority listens on, defaults to 8140
Hiera Configuration Create hiera node data? Check the checkbox to create hiera node data Hiera on Puppet Master server? Uncheck the checkbox only if the hiera server is on a different server from the Puppet Master Hiera OS Family *Shown when 'Hiera on Puppet Master server?' is unchecked
Select Hiera OS typeHiera connection method *Shown when 'Hiera on Puppet Master server?' is unchecked
Select the connection methodHiera hostname *Shown when 'Hiera on Puppet Master server?' is unchecked and 'Hiera connection method' is
Hiera hostname (FQDN)SSH
Hiera vCenter Endpoint *Shown when 'Hiera connection method' is
vmware-tools
Select an existing SovLabs vCenter Endpoint where the Hiera VM resides in (Step 2)
Hiera VM name as it appears in vCenter *Shown when 'Hiera connection method' is
vmware-tools
Type in the VM name of the Hiera server as it appears in vCenter
Directory for temporary Hiera scripts *Shown when 'Hiera on Puppet Master server?' is unchecked
Directory to put temporary scripts on the Hiera serverHiera create credential? Uncheck the checkbox to choose from existing Puppet credentials
Check the checkbox to create a new credential
Hiera credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Hiera credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Hiera SSH Key used? *Shown when 'Create credential' is checked and 'Connection method' is
SSH
Check whether or not an SSH key is used
Hiera Username *Shown when 'Create credential' is checked
Username for Hiera server
Hiera Password *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked
User's password
Hiera SSH Key *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key
Hiera SSH Key Password *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key password, if any
Hiera Node Data configuration *Shown when 'Create Hiera node data?' is checked
Hiera node data format *Shown when 'Create Hiera node data?' is checked
Hiera node data formatHiera node data filename *Shown when 'Create Hiera node data?' is checked
Filename for hiera node dataCan be templated: SovLabs Template Engine
Hiera node data template *Shown when 'Create Hiera node data?' is checked
Hiera data templateCan be templated: SovLabs Template Engine
Hiera eyaml Public Key *Shown when 'Hiera node data format' is
Hiera eyaml public keyeyaml
*Entire section is only shown when 'Create hiera node data' is checked
Hiera Pre-Create Script Hiera pre-create script Script to execute prior to creating the hiera node data Can be templated: SovLabs Template Engine
Hiera pre-create script arguments Script arguments, if any Hiera pre-create script interpreter Script interpreter, e.g. /bin/bash
Compile Masters Hiera pre-create script *Shown when 'Use separate Compile Masters' is checked
Script to execute prior to creating the hiera node data on the Compile MastersCan be templated: SovLabs Template Engine
Compile Masters Hiera pre-create script arguments *Shown when 'Use separate Compile Masters' is checked
Script arguments, if anyCompile Masters Hiera pre-create script interpreter *Shown when 'Use separate Compile Masters' is checked
Script interpreter, e.g./bin/bash
Hiera Post-Create Script Hiera post-create script Script to execute after creating the hiera node data Can be templated: SovLabs Template Engine
Hiera post-create script arguments Script arguments, if any Hiera post-create script interpreter Script interpreter, e.g. /bin/bash
Compile Masters Hiera post-create script *Shown when 'Use separate Compile Masters' is checked
Script to execute after creating the hiera node data on the Compile MastersCan be templated: SovLabs Template Engine
Compile Masters Hiera post-create script arguments *Shown when 'Use separate Compile Masters' is checked
Script arguments, if anyCompile Masters Hiera post-create script interpreter *Shown when 'Use separate Compile Masters' is checked
Script interpreter, e.g./bin/bash
Hiera Pre-Delete Script Hiera pre-delete script Script to execute prior to deleting the hiera node data Can be templated: SovLabs Template Engine
Hiera pre-delete script arguments Script arguments, if any Hiera pre-delete script interpreter Script interpreter, e.g. /bin/bash
Compile Masters Hiera pre-delete script *Shown when 'Use separate Compile Masters' is checked
Script to execute prior to deleting the hiera node data on the Compile MastersCan be templated: SovLabs Template Engine
Compile Masters Hiera pre-delete script arguments *Shown when 'Use separate Compile Masters' is checked
Script arguments, if anyCompile Masters Hiera pre-delete script interpreter *Shown when 'Use separate Compile Masters' is checked
Script interpreter, e.g./bin/bash
Hiera Post-Delete Script Hiera post-delete script Script to execute after deleting the hiera node data Can be templated: SovLabs Template Engine
Hiera post-delete script arguments Script arguments, if any Hiera post-delete script interpreter Script interpreter, e.g. /bin/bash
Compile MastersHiera post-delete script *Shown when 'Use separate Compile Masters' is checked
Script to execute after deleting the hiera node data on the Compile MastersCan be templated: SovLabs Template Engine
Compile MastersHiera post-delete script arguments *Shown when 'Use separate Compile Masters' is checked
Script arguments, if anyCompile Masters Hiera post-delete script interpreter *Shown when 'Use separate Compile Masters' is checked
Script interpreter, e.g./bin/bash
Purge node script Script purge the node Can be templated: SovLabs Template Engine
Purge node script arguments Script arguments, if any Purge node script interpreter Script interpreter, e.g. /bin/bash
Compile Masters *Shown when 'Use separate Compile Masters' is checked
Compile Masters Purge node script Script purge the node Can be templated: SovLabs Template Engine
Compile Masters Purge node script arguments Script arguments, if any Compile Masters Purge node script interpreter Script interpreter, e.g. /bin/bash
Console Purge node console script Script purge the node Can be templated: SovLabs Template Engine
Purge node console script arguments Script arguments, if any Purge node console script interpreter Script interpreter, e.g. /bin/bash
Database *Shown when 'Use separate database' is checked
Purge node database script Script purge the node Can be templated: SovLabs Template Engine
Purge node database script arguments Script arguments, if any Purge node database script interpreter Script interpreter, e.g. /bin/bash
-
On the Catalog page, click on the Request button for Add Puppet Agent Configuration
Puppet Agent Configuration
A Puppet Agent configuration defines the Puppet Agent settings
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Puppet version Select the Puppet Agent version Puppet environment Provisioned node environment Can be templated to be derived from vRA custom property on the blueprint: SovLabs Template Engine
OS Family for provisioned nodes unix
orwindows
Directory for temporary scripts Directory to put temporary scripts on the provisioned node Connection Info Connection type Select the desired connection type to the provisioned node vCenter Endpoint *Shown when 'Connection type' is vmware-tools
Select the vCenter Endpoint
Credential Configuration for Provisioned Node Create credential? Uncheck the checkbox to choose from existing Provisioned Node credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
SSH Key used? *Shown when 'Create credential' is checked and 'Connection type' is SSH based
Check whether or not an SSH key is used
Username *Shown when 'Create credential' is checked
Username for the provisioned node
Password *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked
User's password
SSH Key *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key
SSH Key Password *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key password, if any
puppet.conf configuration puppet.conf file content Contents of puppet.conf
file - if left blank, thepuppet.conf
will not be updated on the provisioned nodeCan be templated: SovLabs Template Engine
puppet.conf filename Can be templated: SovLabs Template Engine
Facter Files Facter facts template Template of the facter facts Warning: Facter facts file contents does not support encryption
Can be templated: SovLabs Template Engine
Facter facts format Format for the Facter facts file Facter facts filename Can be templated: SovLabs Template Engine
Filename (with path) for Facter factsClasses Classes Add existing classes in Puppet Console for provisioned node to join Can be templated: SovLabs Template Engine
- Single class example with no parameters:
{ "sudo":{} }
- Single class example with 2 parameters:
{ "sudo": {"param1": "val1", "param2": "val2"} }
- Multi-class example with no parameters:
{ "sudo" : {}, "apache": {} }
- Multi-class example with 2 parameters:
{ { "sudo": {"param1": "val1", "param2": "val2"}}, { "apache": {"param1": "val1", "param2": "val2"}} }
Custom group name When classes are defined, creates a custom group with this specified name Can be templated: SovLabs Template Engine
Groups Groups Add existing groups in Puppet Console for provisioned node to join Can be templated: SovLabs Template Engine
Installer File(s) Source Installer file Define source installer file (for Windows Puppet Agent) Destination Installer file Define destination installer file (for Windows Puppet Agent) Install Puppet on a Node Script Install script Script to install Puppet on a node - if left blank, expects Puppet to already be installed Can be templated: SovLabs Template Engine
Install script arguments Script arguments, if any Can be templated: SovLabs Template Engine
Install script interpreter Script interpreter, e.g.
/bin/bash
*For Windows, only
powershell
andbat
are valid interpretersMax retry attempt to Run Puppet Maximum number of attempts to retry Run Puppet Ignore final Run Puppet errors? If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue - useful in initial development of new Puppet content Run Puppet Script Run Puppet script Script to execute after creating the hiera node data Can be templated: SovLabs Template Engine
Run Puppet script arguments Script arguments, if any Can be templated: SovLabs Template Engine
Run Puppet script interpreter Script interpreter, e.g.
/bin/bash
*For Windows, only
powershell
andbat
are valid interpretersRun Puppet Script Validation Run Puppet script success exit codes Success exit codes. *List multiple exit codes comma separated
Run Puppet script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any Run Puppet Script Validation prior to Certificate being Signed Pre-certificate success exit codes Success exit codes. *List multiple exit codes comma separated
Pre-certificate success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any Final Run Puppet Script Validation Final Puppet Run script success exit codes Success exit codes. *List multiple exit codes comma separated
Final Puppet Run script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any Post Script Script to execute after the final Puppet Run Can be templated: SovLabs Template Engine
Post script arguments Script arguments, if any Post script interpreter Script interpreter, e.g.
/bin/bash
*For Windows, only
powershell
andbat
are valid interpretersPost Script Validation Post script success exit codes Success exit codes. *List multiple exit codes comma separated
Post script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any Pre-Puppet Remove script Script to run prior to removing Puppet from node Can be templated: SovLabs Template Engine
Pre-Puppet Remove script arguments Script arguments, if any Pre-Puppet Remove script interpreter Script interpreter, e.g.
/bin/bash
*For Windows, only
powershell
andbat
are valid interpreters - Single class example with no parameters:
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the two vRA property groups for Puppet Enterprise:
- Starts with
SovLabs-PuppetMaster-
- Starts with
SovLabs-PuppetAgent-
Do not attach more than 1 pair of Puppet Enterprise vRA property groups to a vRA blueprint
- Starts with
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
- In the Property Groups section, remove the two vRA property groups for Puppet Enterprise:
- Starts with
SovLabs-PuppetMaster-
- Starts with
SovLabs-PuppetAgent-
- Starts with
- Repeat Step 3 for all desired blueprints
Puppet Open Source with Foreman
Advanced Module - Configuration Management
View features and compatibilityQuick Start Process
- Define Foreman Master(s)
- Define Foreman Agent(s)
- Apply to existing blueprint(s)
- Provision!
Prerequisites
- Create Puppet Certificate and Update Puppet Console configuration
Create the certificate on the Puppet CA that will be used for communication with the Foreman API and the Puppet CA API.
Perform the following for each Puppet CA utilized
*In the following instructions, replace
CERTNAME
with the name to identify the automation account with, we recommendvrosvc
- Login to the Puppet CA
- Type in
su -
- Create a certificate key:
puppet cert generate CERTNAME
- Modify
auth.conf
:- Type in
vi /etc/puppet/auth.conf
- If the following section does not exist, copy and paste the following section into the
auth.conf
file, and replaceCERTNAME
with the certificate name you created in Step 1 (without the .pem extension). This is case-sensitive. If the section does exist, add your certificate to the allow list:path /certificate_status method find, save, search auth yes allow CERTNAME
- Save the file: Hit the
esc
key and then type in:wq!
- Type in
- Restart necessary services by typing in:
service puppet restart
- Setup or have a user for the Puppet Master, Puppet CA and Puppet database:
root
with SSH keysroot
with password- Service account with
sudo
permissions
- Collect the appropriate keys from the Puppet Master:
Type Location CA Certificate /var/lib/puppet/ssl/ca/ca_crt.pem
Service Account Certificate /var/lib/puppet/ssl/certs/CERTNAME.pem
Service Account Private Key /var/lib/puppet/ssl/private_keys/CERTNAME.pem
*Replace
CERTNAME
accordingly (e.g.vrosvc
) - If any Puppet Agents are Windows OS:
- Set up WinRM on a vRA blueprint
- Ensure NTP is set up correctly
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Foreman Master Configuration
- Add Foreman Agent Configuration
- Add SovLabs vCenter Endpoint
Setup
- Login to the vRA tenant
- Perform this step only if using VMware Tools to connect a Puppet server (e.g Puppet Master, Console, Hiera, etc)
- On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
SovLabs vCenter Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Choose the appropriate vCenter version Platform Service Controller (FQDN) *Shown when 'Version' is 6+
Type in the PSC FQDNIs the PSC embedded on the vCenter server? *Shown when 'Version' is 6+
vCenter hostname (FQDN) *Shown when 'Is the PSC embedded on the vCenter server?' is not checked or if 'Version' is 5.5x
Type in the vCenter server FQDNCredential Configuration for vCenter Endpoint Create credential? Uncheck the checkbox to choose from existing vCenter Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (user@example.com)
Password *Shown when 'Create credential' is checked
User's password
- On the Catalog page, click on the Request button for Add SovLabs vCenter Endpoint
Determine if the Puppet Master server (and if defined separately, the Console/Database/Compile Masters/Hiera servers) will be using the same credentials to log in. If so, perform this step:
On the Catalog page, click on the Request button for Manage Credential Configuration
- Action: Create
- Type: Puppet
- Subtype: Only the Hiera server (if defined separately) can be Windows
- Connection method: Select the desired connection method
-
On the Catalog page, click on the Request button for Add Foreman Master Configuration
Foreman Master Configuration
A Foreman Master Configuration is a target Foreman Master
General Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Puppet Open Source with Foreman version Select the Puppet Open Source with Foreman version Foreman Configuration Use Foreman classifier? Check the checkbox to define a separate Foreman server (if not on the Puppet Master) Foreman Hostname Foreman hostname in FQDN formaat Foreman Port Port for Foreman, defaults to 443
Create credential? Uncheck the checkbox to choose from existing Puppet credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username for Foreman server
Password *Shown when 'Create credential' is checked
User's password
Puppet Master connection configuration Puppet Master OS family Currently, only allows for unix
Puppet pe-puppetserver port Port pe-puppetserver listens on, defaults to 8140
Puppet Master connection method Select the connection method to connect to the Puppet Master server Puppet Master hostname Hostname of Puppet Master server (FQDN) Puppet Master vCenter Endpoint *Shown when 'Puppet Master connection method' is
vmware-tools
Select an existing SovLabs vCenter Endpoint where the Puppet Master VM resides in (Step 2)
Puppet Master VM name as it appears in vCenter *Shown when 'Puppet Master connection method' is
vmware-tools
Type in the VM name of the Puppet Master server as it appears in vCenter
Directory for temporary Puppet Master scripts Directory to put temporary scripts on the Puppet Master Create credential? Uncheck the checkbox to choose from existing Puppet credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
SSH Key used? *Shown when 'Create credential' is checked and 'Connection method' is
SSH
Check whether or not an SSH key is used
Username *Shown when 'Create credential' is checked
Username for Puppet Master server
Password *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked
User's password
SSH Key *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key
SSH Key Password *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key password, if any
Compile Masters Compile Master defined? Check the checkbox to define Compile Masters Compile Masters OS family *Shown when 'Compile Master defined' is checked
Currently, only allows forunix
Compile Masters connection method *Shown when 'Compile Master defined' is checked
Select the connection method to connect to the Compile MastersCompile Masters hostnames *Shown when 'Compile Master defined' is checked and 'Compile Masters connection method' is
Enter the Compile Master(s) in FQDN formatSSH
Compile Masters vCenter Endpoint *Shown when 'Compile Master defined' is checked and 'Compile Masters connection method' is
vmware-tools
Select an existing SovLabs vCenter Endpoint where the Compile Master VMs reside in (Step 2)
Compile Masters VM names as they appear in vCenter *Shown when 'Compile Master defined' is checked and 'Compile Masters connection method' is
vmware-tools
Type in the VM names of the Puppet Compile Master servers as they appear in vCenter
Directory for temporary Compile Masters scripts *Shown when 'Compile Master defined' is checked
Directory to put temporary scripts on the Compile MastersCompile Masters create credential? Uncheck the checkbox to choose from existing Puppet credentials
Check the checkbox to create a new credential
Compile Masters Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Compile Masters credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Compile Masters SSH Key used? *Shown when 'Create credential' is checked and 'Connection method' is
SSH
Check whether or not an SSH key is used
Compile Masters Username *Shown when 'Create credential' is checked
Username for Compile Masters
Compile Masters Password *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked
User's password
Compile Masters SSH Key *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key
Compile Masters SSH Key Password *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key password, if any
Database Configuration Database defined? Check the checkbox to define database Database OS family *Shown when 'Database defined' is checked
Currently, only allows forunix
Database connection method *Shown when 'Database defined' is checked
Select the connection method to connect to the Puppet Database serverDatabase hostname *Shown when 'Database defined' is checked and 'Database connection method' is
Database hostname in FQDN formatSSH
Database vCenter Endpoint *Shown when 'Database connection method' is
vmware-tools
Select an existing SovLabs vCenter Endpoint where the Puppet Database VM resides in (Step 2)
Database VM name as it appears in vCenter *Shown when 'Database connection method' is
vmware-tools
Type in the VM name of the Puppet Database server as it appears in vCenter
Directory for temporary Database scripts *Shown when 'Database defined' is checked
Directory to put temporary scripts on the databaseDatabase create credential? Uncheck the checkbox to choose from existing Puppet credentials
Check the checkbox to create a new credential
Database credential *Shown when 'Database defined' is unchecked
Select the appropriate credential from an existing list of credentials
Database credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Database SSH Key used? *Shown when 'Create credential' is checked and 'Connection method' is
SSH
Check whether or not an SSH key is used
Database Username *Shown when 'Create credential' is checked
Username for Puppet Database server
Database Password *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked
User's password
Database SSH Key *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key
Database SSH Key Password *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key password, if any
Certificate PEM files API Certificate Puppet API Certificate PEM file
*Normally found on the Puppet Master and is the Service Account Certificate (Prerequisites Step 3):
/var/lib/puppet/ssl/certs/CERTNAME.pem
API RSA Private Key Puppet API RSA Private Key PEM file
*Normally found on the Puppet Master and is the Service Account Private Key (Prerequisites Step 3):
/var/lib/puppet/ssl/private_keys/CERTNAME.pem
API CA Certificate CA Certification
*Normally found on the Puppet Master and is the CA Certificate (Prerequisites Step 3):
/var/lib/puppet/ssl/ca/ca_crt.pem
Certificate Authority Is auto-sign enabled in Puppet? Is autosign enabled in Puppet? Check the checkbox to skip signing the certificate Certificate Authority hostname Puppet Certificate Authority Hostname (FQDN) Certificate Authority port Port the Puppet Certificate Authority listens on, defaults to 8140
Hiera Configuration Create Hiera node data? Check the checkbox to create hiera node data Hiera on Puppet Master server? Uncheck the checkbox if the hiera server is on a different server from the Puppet Master Hiera OS family *Shown when Hiera on Puppet Master server is unchecked
Hiera OS typeHiera connection method *Shown when Hiera on Puppet Master server is unchecked
Select the connection methodHiera hostname *Shown when 'Hiera on Puppet Master server?' is unchecked and 'Hiera connection method' is
Hiera hostname (FQDN)SSH
Hiera vCenter Endpoint *Shown when 'Hiera connection method' is
vmware-tools
Select an existing SovLabs vCenter Endpoint where the Hiera VM resides in (Step 2)
Hiera VM name as it appears in vCenter *Shown when 'Hiera connection method' is
vmware-tools
Type in the VM name of the Hiera server as it appears in vCenter
Directory for temporary Hiera scripts *Shown when 'Hiera on Puppet Master server?' is unchecked
Directory to put temporary scripts on the Hiera serverHiera create credential? Uncheck the checkbox to choose from existing Puppet credentials
Check the checkbox to create a new credential
Hiera credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Hiera credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Hiera SSH Key used? *Shown when 'Create credential' is checked and 'Connection method' is
SSH
Check whether or not an SSH key is used
Hiera Username *Shown when 'Create credential' is checked
Username for Hiera server
Hiera Password *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked
User's password
Hiera SSH Key *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key
Hiera SSH Key Password *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key password, if any
Hiera Node Data configuration *Shown when 'Create Hiera node data?' is checked
Hiera node data format *Shown when 'Create Hiera node data?' is checked
Hiera node data formatHiera node data filename *Shown when 'Create Hiera node data?' is checked
Filename for hiera node dataCan be templated: SovLabs Template Engine
Hiera node data template *Shown when 'Create Hiera node data?' is checked
Hiera data templateCan be templated: SovLabs Template Engine
Hiera eyaml Public Key *Shown when 'Hiera node data format' is
Hiera eyaml public keyeyaml
*Entire section is only shown when Create Hiera Node Data is 'Yes'
Hiera Pre-Create Script Hiera pre-create script Script to execute prior to creating the hiera node data Can be templated: SovLabs Template Engine
Hiera pre-create script arguments Script arguments, if any Hiera pre-create script interpreter Script interpreter, e.g. /bin/bash
Compile Masters Hiera pre-create script *Shown when Use separate Compile Masters is 'Yes'
Script to execute prior to creating the hiera node data on the Compile MastersCan be templated: SovLabs Template Engine
Compile Masters Hiera pre-create script arguments *Shown when Use separate Compile Masters is 'Yes'
Script arguments, if anyCompile Masters Hiera pre-create script interpreter *Shown when Use separate Compile Masters is 'Yes'
Script interpreter, e.g./bin/bash
Hiera Post-Create Script Hiera post-create script Script to execute after creating the hiera node data Can be templated: SovLabs Template Engine
Hiera post-create script arguments Script arguments, if any Hiera post-create script interpreter Script interpreter, e.g. /bin/bash
Compile Masters Hiera post-create script *Shown when Use separate Compile Masters is 'Yes'
Script to execute after creating the hiera node data on the Compile MastersCan be templated: SovLabs Template Engine
Compile Masters Hiera post-create script arguments *Shown when Use separate Compile Masters is 'Yes'
Script arguments, if anyCompile Masters Hiera post-create script interpreter *Shown when Use separate Compile Masters is 'Yes'
Script interpreter, e.g./bin/bash
Hiera Pre-Delete Script Hiera pre-delete script Script to execute prior to deleting the hiera node data Can be templated: SovLabs Template Engine
Hiera pre-delete script arguments Script arguments, if any Hiera pre-delete script interpreter Script interpreter, e.g. /bin/bash
Compile Masters Hiera pre-delete script *Shown when Use separate Compile Masters is 'Yes'
Script to execute prior to deleting the hiera node data on the Compile MastersCan be templated: SovLabs Template Engine
Compile Masters Hiera pre-delete script arguments *Shown when Use separate Compile Masters is 'Yes'
Script arguments, if anyCompile Masters Hiera pre-delete script interpreter *Shown when Use separate Compile Masters is 'Yes'
Script interpreter, e.g./bin/bash
Hiera Post-Delete Script Hiera post-delete script Script to execute after deleting the hiera node data Can be templated: SovLabs Template Engine
Hiera post-delete script arguments Script arguments, if any Hiera post-delete script interpreter Script interpreter, e.g. /bin/bash
Compile Masters Hiera post-delete script *Shown when Use separate Compile Masters is 'Yes'
Script to execute after deleting the hiera node data on the Compile MastersCan be templated: SovLabs Template Engine
Compile Masters Hiera post-delete script arguments *Shown when Use separate Compile Masters is 'Yes'
Script arguments, if anyCompile Masters Hiera post-delete script interpreter *Shown when Use separate Compile Masters is 'Yes'
Script interpreter, e.g./bin/bash
Purge Node Script Script purge the node Can be templated: SovLabs Template Engine
Purge node script arguments Script arguments, if any Purge node script interpreter Script interpreter, e.g. /bin/bash
-
On the Catalog page, click on the Request button for Add Foreman Agent Configuration
Foreman Agent Configuration
A Foreman Agent configuration defines the Puppet Open Source with Foreman Agent settings
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Puppet Open Source with Foreman version Select the Puppet Agent version Puppet environment Provisioned node environment Can be templated to be derived from vRA custom property on the blueprint: SovLabs Template Engine
OS Family for provisioned nodes unix
orwindows
Directory for temporary scripts Directory to put temporary scripts on the provisioned node Connection Info Connection type Select the desired connection type to the provisioned node vCenter Endpoint *Shown when 'Connection type' is vmware-tools
Select the vCenter Endpoint
Credential Configuration for Provisioned Node Create credential? Uncheck the checkbox to choose from existing Provisioned Node credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
SSH Key used? *Shown when 'Create credential' is checked and 'Connection type' is SSH based
Check whether or not an SSH key is used
Username *Shown when 'Create credential' is checked
Username for the provisioned node
Password *Shown when 'Create credential' is checked and 'SSH Key used?' is unchecked
User's password
SSH Key *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key
SSH Key Password *Shown when 'Create credential' is checked and 'SSH Key used?' is checked
SSH Key password, if any
puppet.conf configuration puppet.conf file content Contents of puppet.conf
file - if left blank, thepuppet.conf
will not be updated on the provisioned nodeCan be templated: SovLabs Template Engine
puppet.conf filename Can be templated: SovLabs Template Engine
Facter Files Facter facts template Template of the facter facts Warning: Facter facts file contents does not support encryption
Can be templated: SovLabs Template Engine
Facter facts format Format for the Facter facts file Facter facts filename Can be templated: SovLabs Template Engine
Filename (with path) for Facter factsClasses Classes Add existing classes for provisioned node to join Can be templated: SovLabs Template Engine
- Single class example with no parameters:
{ "sudo":{} }
- Single class example with 2 parameters:
{ "sudo": {"param1": "val1", "param2": "val2"} }
- Multi-class example with no parameters:
{ "sudo" : {}, "apache": {} }
- Multi-class example with 2 parameters:
{ { "sudo": {"param1": "val1", "param2": "val2"}}, { "apache": {"param1": "val1", "param2": "val2"}} }
Group Host Group Add existing host groups for provisioned node to join Can be templated: SovLabs Template Engine
Installer File(s) Source Installer file Define source installer file (for Windows Puppet Agent) Destination Installer file Define destination installer file (for Windows Puppet Agent) Install Puppet on a Node Script Install script Script to install Puppet on a node - if left blank, expects Puppet to already be installed Can be templated: SovLabs Template Engine
Install script arguments Script arguments, if any Can be templated: SovLabs Template Engine
Install script interpreter Script interpreter, e.g.
/bin/bash
*For Windows, only
powershell
andbat
are valid interpretersMax retry attempt to Run Puppet Maximum number of attempts to retry Run Puppet Ignore final Run Puppet errors? If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue - useful in initial development of new Puppet content Run Puppet Script Run Puppet script Script to execute after creating the hiera node data Can be templated: SovLabs Template Engine
Run Puppet script arguments Script arguments, if any Can be templated: SovLabs Template Engine
Run Puppet script interpreter Script interpreter, e.g.
/bin/bash
*For Windows, only
powershell
andbat
are valid interpretersRun Puppet Script Validation Run Puppet script success exit codes Success exit codes. *List multiple exit codes comma separated
Run Puppet script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any Run Puppet Script Validation prior to Certificate being Signed Pre-certificate success exit codes Success exit codes. *List multiple exit codes comma separated
Pre-certificate success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any Final Run Puppet Script Validation Final Puppet Run script success exit codes Success exit codes. *List multiple exit codes comma separated
Final Puppet Run script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any Post Script Script to execute after the final Puppet Run Can be templated: SovLabs Template Engine
Post script arguments Script arguments, if any Post script interpreter Script interpreter, e.g.
/bin/bash
*For Windows, only
powershell
andbat
are valid interpretersPost Script Validation Post script success exit codes Success exit codes. *List multiple exit codes comma separated
Post script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any Pre-Puppet Remove script Script to run prior to removing Puppet from node Can be templated: SovLabs Template Engine
Pre-Puppet Remove script arguments Script arguments, if any Pre-Puppet Remove script interpreter Script interpreter, e.g.
/bin/bash
*For Windows, only
powershell
andbat
are valid interpreters - Single class example with no parameters:
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the two vRA property groups for Puppet Open Source with Foreman:
- Starts with
SovLabs-ForemanMaster-
- Starts with
SovLabs-ForemanAgent-
Do not attach more than 1 pair of Puppet Open Source with Foreman vRA property groups to a vRA blueprint
- Starts with
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
- In the Property Groups section, remove the two vRA property groups for Puppet Open Source with Foreman:
- Starts with
SovLabs-ForemanMaster-
- Starts with
SovLabs-ForemanAgent-
- Starts with
- Repeat Step 3 for all desired blueprints
ServiceNow CMDB
Advanced Module - Service Management
View features and compatibilityQuick Start Process
- Define ServiceNow Endpoint(s)
- Define ServiceNow CMDB Configuration(s)
- Apply to existing blueprint(s)
- Provision!
Prerequisites
- ServiceNow CMDB is properly configured
- ServiceNow CMDB service user account must have Web Service admin rights and rights to add/update/delete records
- If incorporating with VMware ITSM, perform the following:
- Once the VMware ITSM plug-in installed, set the
u_vra_uid
column to read/write from read only - In ServiceNow, navigate to System Definition
- Under Column name, search for u_vra_uid
- Click the cmdb_ci table from the results
- Uncheck Read only and Check Read/Write
- Click Update
- Once the VMware ITSM plug-in installed, set the
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add ServiceNow Endpoint
- Add ServiceNow CMDB
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for: Add ServiceNow Endpoint
ServiceNow Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Host URL URL to ServiceNow endpoint. Start with http
orhttps
Version Select the ServiceNow version Credential Configuration for ServiceNow Endpoint Create credential? Uncheck the checkbox to choose from existing ServiceNow Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username for ServiceNow host
Password *Shown when 'Create credential' is checked
User's password
-
On the Catalog page, click on the Request button for Add ServiceNow CMDB Configuration
ServiceNow CMDB Configuration
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
ServiceNow Endpoint Select the desired ServiceNow endpoint Use Import Set? Select whether or not to use Import Set Table name Select the table to add/remove records from Import Set Name *Shown when 'Use Import Set' is checked
Import set name in ServiceNowDelete using Import Set? *Shown when 'Use Import Set' is checked
If No, the record will be deleted from the database tables directly
If Yes, verify the
u_action
field is configured on the Import Set and defined in the Transform scriptExample transform script:
if (source.u_action == 'delete') { var vms = new GlideRecord('cmdb_ci_vm_instance'); vms.addQuery('correlation_id', source.u_sovlabs_id); vms.deleteMultiple(); }
JSON template Modify the JSON template accordingly
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for ServiceNow CMDB:
Starts with
SovLabs-SNowCMDB-
Do not attach more than 1 ServiceNow CMDB property group to a vRA blueprint
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for ServiceNow CMDB:
Starts with
SovLabs-SNowCMDB-
- Repeat Step 3 for all desired blueprints
Red Hat Satellite
Advanced Module - Configuration Management
View features and compatibilityQuick Start Process
- Define Satellite Configuration(s)
- Apply to existing blueprint(s)
- Provision!
Prerequisites
- Red Hat Satellite server is properly configured
- Red Hat Satellite server is configured to utilize activation key(s) for registering nodes
- Red Hat Satellite service user account must have rights to add/update/delete content hosts
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Satellite Configuration
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add Satellite Configuration
Satellite Configuration
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Satellite Hostname FQDN or IP address of Red Hat Satellite server Create credential? Uncheck the checkbox to choose from existing Satellite Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username for Red Hat Satellite server
Password *Shown when 'Create credential' is checked
User's password
Satellite Organization *Auto-generated list based on valid Satellite hostname and Satellite credential
Select the desired organization to register VMs to
Activation Key(s) names or template List any/all Red Hat Satellite activation keys by name
*Can be templated: SovLabs Template Engine
Satellite API 6 upgrade_all? Perform Satellite API 6 upgrade_all? Instructs Red Hat Satellite to update the installed RPM packages to the latest available revisions Provisioned Node Credential Configuration Credentials to the VMs that will be provisioned
Create credential? Uncheck the checkbox to choose from existing Provisioned Node credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username for the provisioned VM
Use SSH Key? *Shown when 'Create Credential' is checked
Select whether or not the provisioned VM will utilize an SSH key
Password *Shown when 'Create Credential' is checked and 'Use SSH Key' is unchecked
User's password
SSH Key *Shown when 'Create Credential' is checked and 'Use SSH Key' is checked
SSH Key
SSH Key Password *Shown when 'Create Credential' is checked and 'Use SSH Key' is checked
SSH Key's password, if any
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for Red Hat Satellite:
Starts with
SovLabs-Satellite-
Do not attach more than 1 Red Hat Satellite property group to a vRA blueprint
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Red Hat Satellite:
Starts with
SovLabs-Satellite-
- Repeat Step 3 for all desired blueprints
Rubrik Backup as a Service
Advanced Module - Backup as a Service Management
View features and compatibilityQuick Start Process
- Define Rubrik Cluster Endpoint(s)
- Configure Rubrik Backup Profile
- Define Notification Configuration for Rubrik
- Apply Backup Profile to existing blueprint(s)
- Provision and recover VMs!
Prerequisites
- Rubrik Cluster is properly configured
- Service account with Administrative privileges on the Rubrik Cluster(s)
- Email notification:
- User account with permissions to the email servers desired
- If utilizing an email server, gather the following details:
- IP Address/hostname of the email server
- Is the service SMTP or IMAP?
- Credential details (username/password)
- Whether SSL/TLS or STARTTLS is required to send emails through your email server
- Port # of SMTP or IMAP service on that host
Common ports: (please verify with administrator or provider)
- SMTP: 25, 465 (SSL), 587 (STARTTLS)
- IMAP: 143 or 993 (SSL)
- Existing SLA Domain(s) on the Rubrik Cluster(s)
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Rubrik Cluster Endpoint
- Add Rubrik Backup Profile
- Add Notification Configuration
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add Rubrik Cluster Endpoint
Rubrik Cluster Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Select the Rubrik Cluster version Hostname Rubrik Cluster hostname (FQDN or IP address) HTTPS? Rubrik Cluster is always HTTPS Port Rubrik Cluster port number Credential Configuration for Rubrik Cluster Endpoint Create credential? Uncheck the checkbox to choose from existing Rubrik Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (no domain)
Password *Shown when 'Create credential' is checked
User's password
-
On the Catalog page, click on the Request button for Add Rubrik Backup Profile
Rubrik Backup Profile
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Rubrik Cluster Endpoint Select the desired Rubrik Cluster Endpoint Protection type Select the desired Protection type
SLA Domain *Shown when Protection type is 'Specify SLA Domain'
*Auto-generated list based on Rubrik Cluster Endpoint selected
Select the desired SLA Domain
-
On the Catalog page, click on the Request button for Add Notification Configuration
Notification Configuration
A notification configuration holds all the necessary information to send notifications
Field Value Type Select Backup as a Service - Rubrik Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
*Please keep as auto-generated label
State *Please keep both SUCCESS and ERROR checked
Message type *Please keep as Email
Format Select the desired format From address Type the email address that will be sending the notification Can be templated: SovLabs Template Engine
Title *Auto-generated Notification title
Can be templated: SovLabs Template Engine
Body Body message - defaulted to standard templates. Please update accordingly Can be templated: SovLabs Template Engine
Message Server configuration New Message Server? Check the checkbox to create a new message server
Uncheck to choose an existing message server
Message Server *Shown when 'New Message Server' is unchecked
Select the desired message server from a list of existing message serversMessage server configuration label *Shown when 'New Message Server' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Message Server Address *Shown when 'New Message Server' is checked
Message Server address (SMTP or IMAP host)
Enable SSL? *Shown when 'New Message Server' checked
Choose whether or not SSL is enabled on the message serverMessage Server port *Shown when 'New Message Server' is checked
Message Server port
Common ports: (please verify with administrator or provider)
- SMTP: 25, 465 (SSL), 587 (STARTTLS)
- IMAP: 143 or 993 (SSL)
Message Server protocol *Shown when 'New Message Server' is checked
Select the appropriate protocolEnable credential? *Shown when 'New Message Server' is checked
Select whether credentials are enabled on the message serverCreate credential? Uncheck the checkbox to choose from existing Message Server credentials
Check the checkbox to create a new credential
Credential *Shown when 'Enable credential' is checked and 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials for the Message Server
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
Username's password
Enable STARTTLS? *Shown when 'New Message Server' is checked and 'Message Type' is Email
Select whether or not to enable STARTTLS
Network timeout Defaulted to 6000 Email Group configuration New Email Group? Check the checkbox to create a new email group
Email Group configuration label *Please keep as auto-generated label
To addresses *Please keep auto-generated value
Enter all additional email addresses to send the notifications to
Can be templated: SovLabs Template Engine
CC addresses Enter all the email addresses to CC the notifications to
Can be templated: SovLabs Template Engine
BCC addresses Enter all the email addresses to BCC the notifications to
Can be templated: SovLabs Template Engine
Only add 1 Notification Configuration for Rubrik
No further action is necessary to set up SovLabs Notifications for Rubrik Backup as a Service module. The Notification Configuration for Rubrik may be updated any time
- Do not add a Notification Group. A notification group for Rubrik Notification Configuration gets auto-generated. The Rubrik Notification Group is not visible in vRA and gets deleted when the Notification Configuration for Rubrik is deleted
Usage
Apply to vRA blueprint(s)
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for Rubrik Backup as a Service:
Starts with
SovLabs-Rubrik-
Do not attach more than 1 Rubrik Backup as a Service property group to a vRA blueprint
- Repeat Step 3 for all desired blueprints
- Provision
End-user Usage
Provide a guide on how to perform Day 2 operations to end-users
Download User Guide
Enable End-user to Select a Protection Type and SLA Domain at Request Time
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for Rubrik Backup as a Service: SovLabs-RubrikChooseSLADomain
- Repeat Step 3 for all desired blueprints
- Provision
Enable End-user to Recover Files and Folders
Allow the end-user to see the Recover Files and Folders (Rubrik) action on a VM:
- Add the action to the entitlement
- Search text to type in the Name field is: Rubrik
- Action to add is:
Recover Files and Folders (Rubrik)
Enable End-user to Change SLA Domain
Allow the end-user to see the Change SLA Domain (Rubrik) action on a VM:
- Add the action to the entitlement
- Search text to type in the Name field is: Rubrik
- Action to add is:
Change SLA Domain (Rubrik)
Enable End-user to Instant Backup
Allow the end-user to see the Instant Backup (Rubrik) action on a VM:
- Add the action to the entitlement
- Search text to type in the Name field is: Rubrik
- Action to add is:
Instant Backup (Rubrik)
Disable
Remove from vRA blueprint(s)
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Click the desired blueprint name to edit
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Rubrik Backup up as a Service:
Starts with SovLabs-Rubrik-
- Repeat Step 3 for all desired blueprints
End-userSelect a Protection Type and SLA Domain at Request Time
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Click the desired blueprint name to edit
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Rubrik Backup up as a Service: SovLabs-RubrikChooseSLADomain
- Repeat Step 3 for all desired blueprints
End-userFile and Folder Recovery
Provide a guide on how to perform Day 2 operations to end-users
Download User Guide- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for Rubrik Backup as a Service:
SovLabs-RubrikChooseSLADomain
- Search text to type in the Name field is: Rubrik
- Action to add is:
Recover Files and Folders (Rubrik)
- Search text to type in the Name field is: Rubrik
- Action to add is:
Change SLA Domain (Rubrik)
- Search text to type in the Name field is: Rubrik
- Action to add is:
Instant Backup (Rubrik)
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Rubrik Backup up as a Service:
Starts with
SovLabs-Rubrik-
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Rubrik Backup up as a Service:
SovLabs-RubrikChooseSLADomain
Once the process to restore a VM's files and folders has started, it cannot be stopped
Prevent the end-user from seeing the Recover Files and Folders (Rubrik) action on a VM:- Remove the action from the entitlement
- Action to remove is:
Recover Files and Folders (Rubrik)
- Action to remove is:
End-userChange SLA Domain
Once the process to change a VM's Rubrik SLA Domain has started, it cannot be stopped
Prevent the end-user from seeing the Change SLA Domain (Rubrik) action on a VM:- Remove the action from the entitlement
- Action to remove is:
Change SLA Domain (Rubrik)
- Action to remove is:
End-userInstant Backup
Once the process to instantly backup a VM has started, it cannot be stopped
Prevent the end-user from seeing the Instant Backup (Rubrik) action on a VM:- Remove the action from the entitlement
- Action to remove is:
Instant Backup (Rubrik)
- Action to remove is:
Veeam Backup as a Service
Advanced Module - Backup as a Service Management
View features and compatibilityQuick Start Process
- Define Veeam Backup Enterprise Manager Endpoint(s)
- Configure Veeam Backup Profile
- Define Notification Configuration for Veeam
- Apply Backup Profile to existing blueprint(s)
- Provision and recover VMs!
Prerequisites
- Veeam Backup Enterprise Manager is properly configured
- Service account with Administrative privileges on the Veeam Backup Enterprise Manager(s)
- Email notification:
- User account with permissions to the email servers desired
- If utilizing an email server, gather the following details:
- IP Address/hostname of the email server
- Is the service SMTP or IMAP?
- Credential details (username/password)
- Whether SSL/TLS or STARTTLS is required to send emails through your email server
- Port # of SMTP or IMAP service on that host
Common ports: (please verify with administrator or provider)
- SMTP: 25, 465 (SSL), 587 (STARTTLS)
- IMAP: 143 or 993 (SSL)
- Existing Backup Job(s) on the Veeam BEM Endpoint(s)
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Veeam BEM Endpoint
- Add Veeam Backup Profile
- Add Notification Configuration
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add Veeam BEM Endpoint
Veeam BEM Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Version Select the Veeam BEM version Hostname Veeam BEM hostname (FQDN) HTTPS? Choose whether or not the Veeam BEM Endpoint is HTTPS Port Veeam BEM port number Credential Configuration for Veeam BEM Endpoint Create credential? Uncheck the checkbox to choose from existing Veeam BEM Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username (no domain)
Password *Shown when 'Create credential' is checked
User's password
-
On the Catalog page, click on the Request button for Add Veeam Backup Profile
Veeam Backup Profile
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Veeam BEM Endpoint Select the desired Veeam Backup Enterprise Manager Endpoint Backup Jobs *Auto-generated list based on Veeam BEM Endpoint selected
Select a Backup Job from the left column and click on the right arrow to move it to the right column.
Repeat for all desired Backup Jobs
-
On the Catalog page, click on the Request button for Add Notification Configuration
Notification Configuration
A notification configuration holds all the necessary information to send notifications
Field Value Type Select Backup as a Service - Veeam Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
*Please keep as auto-generated label
State *Please keep both SUCCESS and ERROR checked
Message type *Please keep as Email
Format Select the desired format From address Type the email address that will be sending the notification Can be templated: SovLabs Template Engine
Title *Auto-generated Notification title
Can be templated: SovLabs Template Engine
Body Body message - defaulted to standard templates. Please update accordingly Can be templated: SovLabs Template Engine
Message Server configuration New Message Server? Check the checkbox to create a new message server
Uncheck to choose an existing message server
Message Server *Shown when 'New Message Server' is unchecked
Select the desired message server from a list of existing message serversMessage server configuration label *Shown when 'New Message Server' is checked
*Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Message Server Address *Shown when 'New Message Server' is checked
Message Server address (SMTP or IMAP host)
Enable SSL? *Shown when 'New Message Server' checked
Choose whether or not SSL is enabled on the message serverMessage Server port *Shown when 'New Message Server' is checked
Message Server port
Common ports: (please verify with administrator or provider)
- SMTP: 25, 465 (SSL), 587 (STARTTLS)
- IMAP: 143 or 993 (SSL)
Message Server protocol *Shown when 'New Message Server' is checked
Select the appropriate protocolEnable credential? *Shown when 'New Message Server' is checked
Select whether credentials are enabled on the message serverCreate credential? Uncheck the checkbox to choose from existing Message Server credentials
Check the checkbox to create a new credential
Credential *Shown when 'Enable credential' is checked and 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials for the Message Server
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label
Username *Shown when 'Create credential' is checked
Username
Password *Shown when 'Create credential' is checked
Username's password
Enable STARTTLS? *Shown when 'New Message Server' is checked and 'Message Type' is Email
Select whether or not to enable STARTTLS
Network timeout Defaulted to 6000 Email Group configuration New Email Group? Check the checkbox to create a new email group
Email Group configuration label *Please keep as auto-generated label
To addresses *Please keep auto-generated value
Enter all additional email addresses to send the notifications to
Can be templated: SovLabs Template Engine
CC addresses Enter all the email addresses to CC the notifications to
Can be templated: SovLabs Template Engine
BCC addresses Enter all the email addresses to BCC the notifications to
Can be templated: SovLabs Template Engine
Only add 1 Notification Configuration for Veeam
No further action is necessary to set up SovLabs Notifications for Veeam Backup as a Service module. The Notification Configuration for Veeam may be updated any time
- Do not add a Notification Group. A notification group for Veeam Notification Configuration gets auto-generated. The Veeam Notification Group is not visible in vRA and gets deleted when the Notification Configuration for Veeam is deleted
Usage
Apply to vRA blueprint(s)
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for Veeam Backup as a Service:
Starts with
SovLabs-VeeamBackupProfile-
Do not attach more than 1 Veeam Backup as a Service property group to a vRA blueprint
- Repeat Step 3 for all desired blueprints
- Provision
End-user Usage
Provide a guide on how to perform Day 2 operations to end-users
Download User Guide
Enable End-user to Select a Backup Job at Request Time
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
- In the Property Groups section, add the vRA property group for Veeam Backup as a Service:
SovLabs-VeeamChooseBackupJob
- Repeat Step 3 for all desired blueprints
- Provision
Provide a guide on how to perform Day 2 operations to end-users
Download User Guide- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
- In the Property Groups section, add the vRA property group for Veeam Backup as a Service:
SovLabs-VeeamChooseBackupJob
When destroying VMs, if the VM is the last one in the Veeam Backup Job, it will not be removed from the Veeam Backup Job (since a Veeam Backup Job must have at least 1 VM). The VM will be removed from vCenter as expected
Enable End-user to Recover Files and Folders
Allow the end-user to see the Recover Files and Folders (Veeam) action on a VM:- Add the action to the entitlement
- Search text to type in the Name field is: Veeam
- Action to add is:
Recover Files and Folders (Veeam)
Enable End-user to Recover VM
Allow the end-user to see the Recover VM (Veeam) action on a VM:- Add the action to the entitlement
- Search text to type in the Name field is: Veeam
- Action to add is:
Recover VM (Veeam)
Disable
Remove from vRA blueprint(s)
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Click the desired blueprint name to edit
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Veeam Backup up as a Service:
Starts with
SovLabs-VeeamBackupProfile-
- Repeat Step 3 for all desired blueprints
End-userSelect a Backup Job at Request Time
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Click the desired blueprint name to edit
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Veeam Backup up as a Service:
SovLabs-VeeamChooseBackupJob
End-userFile and Folder Recovery
Once the process to restore a VM's files and folders has started, it cannot be stopped
Prevent the end-user from seeing the Recover Files and Folders (Veeam) action on a VM:- Remove the action from the entitlement
- Action to remove is:
Recover Files and Folders (Veeam)
- Action to remove is:
End-userRecover VM
Once the process to recover a VM has started, it cannot be stopped
Prevent the end-user from seeing the Recover VM (Veeam) action on a VM:- Remove the action from the entitlement
- Action to remove is:
Recover VM (Veeam)
- Action to remove is:
Multi-Cloud Docker Container Mgmt with Nirmata
Container Management
View features and compatibilityQuick Start Process
- Define Nirmata Endpoint(s)
- Define Nirmata Agent(s)
- Apply to existing blueprint(s)
- Optionally, boot strap configurations for container host(s)
- Deploy apps or container hosts!
Prerequisites
- Nirmata is properly configured
- Have an account with Nirmata
- Set up Host Groups and Environments in Nirmata
- Set up any applications to be deployed from Nirmata
- Login to the vRA tenant and validate the following vRA Catalog Items exist:
- Add Nirmata Endpoint
- Add Nirmata Agent
- Deploy Nirmata app environment
- Destroy Nirmata app environment
- Update Nirmata host group
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Add Nirmata Endpoint
Nirmata Endpoint
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Host URL URL to Nirmata host Create credential? Uncheck the checkbox to choose from existing Nirmata Endpoint credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username for Nirmata host
Password *Shown when 'Create credential' is checked
User's password
-
On the Catalog page, click on the Request button for: Add Nirmata Agent
Add Nirmata Agent
Field Value Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Nirmata Endpoint Select the desired Nirmata endpoint Host group *Auto-generated based on the Nirmata endpoint selected
Select the desired host group
Install script Modify the install script as necessary Create credential? Uncheck the checkbox to choose from existing Provisioned Node credentials
Check the checkbox to create a new credential
Credential *Shown when 'Create credential' is unchecked
Select the appropriate credential from an existing list of credentials
Credential configuration label *Shown when 'Create credential' is checked
*Only AlphaNumeric characters, no special characters nor spaces except:
-
and_
Unique label.
Username *Shown when 'Create credential' is checked
Username for provisioned VM
Password *Shown when 'Create credential' is checked
User's password
Usage
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, add the vRA property group for Multi-Cloud Docker Container Management with Nirmata:
Starts with
SovLabs-Nirmata-
Do not attach more than 1 Multi-Cloud Docker Container Management with Nirmata property group to a vRA blueprint
- Repeat Step 3 for all desired blueprints
Disable
- Login to the vRA tenant
- Click on the Design tab > Blueprints
- Hover over the desired blueprint name and click Edit
- Click on the vSphere machine component on the Blueprint Design Canvas
- Click on the Properties tab
In the Property Groups section, remove the vRA property group for Multi-Cloud Docker Container Management with Nirmata:
Starts with
SovLabs-Nirmata-
- Repeat Step 3 for all desired blueprints
SovLabs Extensibility Modules Appendix
Manage SovLabs vRA module items
- Login to the vRA tenant
- Click on SovLabs vRA Extensiblity Modules from the left-hand menu
- Click on the Items tab
- Select the desired category name via the left-hand menu
- Click on the desired vRA item
Don't see the item? Find the Owned by: dropdown (next to the searchbar) and select All groups I Manage
- Click on Actions
- Click on Update to update and submit after filling out form fields
- Click on Delete to delete and submit
Managing Credentials for SovLabs modules
SovLabs Credential allows better management of credentials across vRA configuration items. Once an Credential is configured, it will be encrypted
Modules that use the Credential configuration will provide a dropdown list of relevant Credential configurations to choose from
Prerequisites
- If utilizing SSH keys, have the full SSH private key readily available along with the SSH Key passphrase, if a passphrase is required
- If using a simple login username and password, have the credentials readily available
Setup
- Login to the vRA tenant
-
On the Catalog page, click on the Request button for Manage Credential Configuration
Manage Credential Configuration
Field Value Action Choose whether to Create a credential or Update or Delete an existing credential Filter by type *Shown if 'Action' is Update or Delete
Type to filter existing credentials by
Credential *Shown if 'Action' is Update or Delete
Select an existing credential to update or delete
Configuration label *Only AlphaNumeric characters, no spaces or special characters except:
-
and_
Unique label
Type Type of Credential use
Subtype Subtype for granular filtering
Connection method Select the connection method SSH Key used? *Shown when 'Connection method' is
Check the checkbox to use an SSH keySSH based
Username Username that has necessary permissions Password *Shown when 'SSH key used' is checked
User's passwordSSH Key *Shown when 'SSH key used' is checked
SSH KeySSH Key Password *Shown when 'SSH key used' is checked
SSH Key password, if any
Usage
Use by selecting a SovLabs Credential configuration in any SovLabs Endpoints and/or Configurations
Manage vRA Entitlements
Configure Entitlements for End-user Operations
- Login to the vRA tenant
- Click on Administration > Catalog Management > Entitlements
- Click on a desired entitlement to edit
- Click on the Items & Approvals tab
- Click on the next to Entitled Actions
- Type in a desired search text in the Name field to search for all related SovLabs actions
- Select all or some of the following actions shown, depending on the level of permissions desired for the entitlement
- Click OK to entitle actions and make them available for end-users
- Click Finish to save the entitlement
- Repeat for all desired Entitlements
Remove Entitlements for End-user Operations
- Login to the vRA tenant
- Click on Administration > Catalog Management > Entitlements
- Click on a desired entitlement to edit
- Click on the Items & Approvals tab
- In the Entitled Actions column, find a desired Action to remove
- Click on the and then click Remove
- Click Finish to save
- Repeat for all desired Entitlements