Getting Started

SovLabs Extensibility Modules 2016.3.1.x for vRA 7.x

Overview

SovLabs Automation and Extensibility Modules allow your IT department to build a fully-functioning Cloud Management Platform (CMP) without writing a single workflow.

Integrate with your existing tools for DNS and IPAM, among others. Our modules manage things like adding and removing DNS records, Active Directory, IPAM reservations, and much more. Manage server lifecycles from provisioning to disposal and provide value to your business in days instead of months.

Benefits

Quick start

Don't spend weeks learning how to build vRO workflows and vRA content. You can be up and running next week. Let us be your content experts.

Simple installation

Our software is delivered as a plugin which is imported into vRealize Orchestration. A configuration workflow creates the core vRA resources.

Protect your investment

We test against new versions of vRA/vRO as they are released and we release a new SovLabs vRA Module Plugin to you. Take the worry out of maintaining your CMP investment and upgrade vRA/vRO without fear of breaking your IT Processes.

The SovLabs plugin provides a flexible template language that allows for utilization and transformation of vRA Custom Properties, which can drastically reduce complexity in large environments.

Assumptions

Consumer has the following VMware products and has basic knowledge on how to access and use:

Terminology

Term | Definition
vRA | Short for VMware’s vRealize Automation. Formerly known as vCenter Automation Center (vCAC)
vRO | Short for VMware’s vRealize Orchestrator. Formerly known as vCenter Orchestrator (vCO)

vRA Lifecycles

SovLabs Automation and Extensibility Modules utilize the following vRA lifecycles:

vRA Lifecycle | Details
Machine Building | vRA is assigning a reservation and network IP
Machine Provisioned | vRA provisioned machine, e.g. cloned virtual machine
Machine Disposing | vRA is destroying virtual machine
Machine Disposing_POST | vRA destroyed the virtual machine

1. Setup vRA

Perform the following prior to the SovLabs plugin installation and configuration

Install and configure VMware's vRealize Automation (vRA) 7.x+

1.1 Additional vRA configurations

  • Create a vRA service account in Active Directory for the SovLabs plugin to utilize
  • Configure vRA Tenant(s) (The SovLabs vRA Extensibility Modules do not work for the root vRA tenant)
  • Configure a vRA Business Group
  • Configure and test vRA Compute Resources, Reservations, etc
  • Create, configure and test vRA Blueprint(s) for each OS desired (with necessary network profiles, reservations, etc.)

1.2 Configure vRA service account permissions

  1. Login to the root vRA tenant: https://vRA-FQDN/vcac
  2. Click on Administration tab > Users & Groups > Custom Groups
  3. If a group does not exist, add a group:
    1. Input the group name and description
    2. Select all roles listed in the Add Roles to this Group box

      The two roles required: Tenant Administrator & XaaS Architect

    3. Click Next
    4. Type in the vRA service account or vRA service account group
    5. Click Add
  4. If a group exists, edit the group:
    1. Verify that the two roles are selected:
      • Service Architect
      • XaaS Architect
    2. Click Next
    3. Type in the vRA service account or vRA service account group
    4. Click Update

1.3 Configure vRO endpoint in vRA

Perform the following for each vRA tenant utilized

1.3.1 Add vRO endpoint in vRA for Advanced Services

  1. Login to the vRA tenant
  2. Click on the Administration tab > vRO Configuration > Server Configuration:
    • Toggle the Use an external Orchestrator server radio button and fill out the form appropriately

1.3.2 Add vRO endpoint in vRA for Infrastructure

  1. Click on the Infrastructure tab > Endpoints > Endpoints:
    • Click on +New > Orchestration > vRealize Orchestrator
    • Fill out the form accordingly
    • Click on +New Custom Property to add the property:
      • Name: VMware.VCenterOrchestrator.Priority
      • Value: (number, 1 being highest priority)
    • Click OK

1.4 Configure Extensibility lifecycle message timeout

Perform the following for each vRA tenant utilized

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Administration > Global settings:
    • Select (click on) the Extensibility lifecycle message timeout row
    • Click on the Edit button
    • Input a value that will be greater than the longest event workflow subscription timeout (e.g. 3+)

2. Setup vRO

Perform the following prior to the SovLabs plugin installation and configuration

Install and configure VMware's vRealize Orchestrator (vRO) 7.x+

2.1 Active Directory configuration

  • Create or identify a vRO Admins group in Active Directory where the vRO server(s) belong
  • Create or identify a vRO Service Account in Active Directory for the SovLabs plugin to utilize

2.2 Configure vRO execution permissions

The following is necessary in order for vRO to execute external applications and perform actions such as ping

Perform the following steps for each vRO server that will be utilized

  1. SSH as user root to the vRO server (e.g. SSH via PuTTY)
  2. Modify the vmo.properties file:
    1. vi /etc/vco/app-server/vmo.properties
    2. Press the i key on the keyboard
    3. Copy & paste the following line to the end of the file:
      com.vmware.js.allow-local-process=true
    4. Press the esc key on the keyboard
    5. Type in :wq! and press the Enter key
  3. Modify the js-io-rights.conf file:
    1. vi /etc/vco/app-server/js-io-rights.conf
    2. Press the i key on the keyboard
    3. Copy & paste the following line to the end of the file:
      +rwx /tmp
    4. Press the esc key on the keyboard
    5. Type in :wq! and press the Enter key
    6. Ensure that the file has the appropriate permissions:
      1. cd /etc/vco/app-server
      2. chown vco:vco js-io-rights.conf
      3. chmod 640 js-io-rights.conf
  4. Restart the vRO server(s)
    • Type in service vco-server restart
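
A check that can be run on the vRO server after the steps above to confirm both settings and the file mode. This is an added example, not SovLabs or VMware code; the function names are hypothetical, and it assumes js-io-rights.conf holds one rule per line in the form shown above (+ or - followed by rights and a path).

```python
import stat
from pathlib import Path

APP_SERVER_DIR = Path("/etc/vco/app-server")   # directory used in the steps above
LOCAL_PROCESS_KEY = "com.vmware.js.allow-local-process"


def read_property(text, key):
    """Return the last value assigned to key in .properties text, or None."""
    value = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        name, sep, val = line.partition("=")
        if sep and name.strip() == key:
            value = val.strip()
    return value


def parse_io_rights(text):
    """Parse rules such as '+rwx /tmp' into (granted, rights, path) tuples.

    Lines that do not start with + or - are ignored (assumed rule format).
    """
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] not in "+-":
            continue
        fields = line[1:].split(None, 1)
        if len(fields) != 2:
            continue
        rights, path = fields
        rules.append((line[0] == "+", frozenset(rights), path.strip()))
    return rules


def writable_or_executable(rules):
    """Paths where scripts are granted write or execute, listed for review."""
    return sorted(path for granted, rights, path in rules
                  if granted and rights & {"w", "x"})


def audit(app_dir=APP_SERVER_DIR, expected_mode=0o640, owner=None):
    """Return a list of findings; an empty list means the steps were applied.

    owner is an optional 'user:group' string, e.g. 'vco:vco' as in the steps.
    """
    app_dir = Path(app_dir)
    findings = []

    vmo_text = (app_dir / "vmo.properties").read_text()
    if read_property(vmo_text, LOCAL_PROCESS_KEY) != "true":
        findings.append(f"vmo.properties: {LOCAL_PROCESS_KEY} is not set to true")

    rights_file = app_dir / "js-io-rights.conf"
    rules = parse_io_rights(rights_file.read_text())
    if (True, frozenset("rwx"), "/tmp") not in rules:
        findings.append("js-io-rights.conf: rule '+rwx /tmp' is missing")

    mode = stat.S_IMODE(rights_file.stat().st_mode)
    if mode != expected_mode:
        findings.append(
            f"js-io-rights.conf: mode is {mode:o}, expected {expected_mode:o}")

    if owner is not None:
        actual = f"{rights_file.owner()}:{rights_file.group()}"
        if actual != owner:
            findings.append(
                f"js-io-rights.conf: owner is {actual}, expected {owner}")
    return findings


if __name__ == "__main__":
    for finding in audit(owner="vco:vco"):
        print("FINDING:", finding)
    rules = parse_io_rights((APP_SERVER_DIR / "js-io-rights.conf").read_text())
    print("write/execute granted on:", writable_or_executable(rules))
```

The list of write/execute paths is printed for review because local process execution is now enabled on the server.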

2.2.1 EMC's FEHC 3.x and 4.x

EMC's Federation Enterprise Hybrid Cloud

Perform the following steps for each vRO server that will be utilized

  1. SSH as user root to the vRO server (e.g. SSH via PuTTY)
  2. Modify the setenv.sh file:
    1. vi /usr/lib/vco/app-server/bin/setenv.sh
    2. Press the i key on the keyboard
    3. Copy & paste the following line to the end of the JVM_OPTS variable:
      -Djsse.enableSNIExtension=false
    4. Press the esc key on the keyboard
    5. Type in :wq! and press the Enter key
  3. Restart the vRO server(s)
    • Type in service vco-server restart

2.3 Configure Kerberos

Perform the following steps for each vRO server that will be utilized

  1. SSH as user root to the vRO server
  2. Create the file krb5.conf:
    1. vi /usr/java/jre-vmware/lib/security/krb5.conf
    2. Press the i key
    3. Copy & paste the following content into the file

      Replace example.com with the company domain as appropriate
      Where EXAMPLE.COM appears in uppercase, enter the domain in uppercase.
      Where example.com appears in lowercase, enter the domain in lowercase.

      [libdefaults]
        default_realm = EXAMPLE.COM
        udp_preferences_limit = 1
      [realms]
        EXAMPLE.COM = {
          kdc = example.com
          default_domain = example.com
        }
      [domain_realm]
        .example.com=EXAMPLE.COM
        example.com=EXAMPLE.COM
      [logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON

      Example:

      [libdefaults]
        default_realm = SOVLABS.NET
        udp_preferences_limit = 1
      [realms]
        SOVLABS.NET = {
          kdc = sovlabs.net
          default_domain = sovlabs.net
        }
      [domain_realm]
        .sovlabs.net=SOVLABS.NET
        sovlabs.net=SOVLABS.NET
      [logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON

      Multiple domain scenario

      Any child domains must be defined before the parent domains in the [domain_realm] section

      [libdefaults]
        default_realm = EXAMPLE1.COM
        udp_preferences_limit = 1
      [realms]
        EXAMPLE1.COM = {
          kdc = example1.com
          default_domain = example1.com
        }
        EXAMPLE2.COM = {
          kdc = example2.com
          default_domain = example2.com
        }
      [domain_realm]
        .example1.com=EXAMPLE1.COM
        example1.com=EXAMPLE1.COM
        .example2.com=EXAMPLE2.COM
        example2.com=EXAMPLE2.COM
      [logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON

      Example:

      [libdefaults]
        default_realm = SOVLABS.NET
        udp_preferences_limit = 1
      [realms]
        SOVLABS.NET = {
          kdc = sovlabs.net
          default_domain = sovlabs.net
        }
        SOVLABS.2K8AD.NET = {
          kdc = sovlabs.2k8ad.net
          default_domain = sovlabs.2k8ad.net
        }
      [domain_realm]
        .sovlabs.2k8ad.net=SOVLABS.2K8AD.NET
        sovlabs.2k8ad.net=SOVLABS.2K8AD.NET
        .sovlabs.net=SOVLABS.NET
        sovlabs.net=SOVLABS.NET
      [logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON

      sovlabs.2k8ad.net is the child domain

    4. Press the esc key
    5. Type :wq!
    6. Press the enter key
  3. Ensure that the file has the appropriate permissions: chmod 644 /usr/java/jre-vmware/lib/security/krb5.conf
  4. Restart vRO service: service vco-server restart
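
A pre-restart check for the krb5.conf written above, as an added example (not SovLabs code; function names are hypothetical). It verifies that default_realm and every [domain_realm] target have a [realms] entry, that realm names are uppercase as in the samples, and that child domains come before their parents. "Child" is taken here to mean a DNS subdomain of another listed domain, which is an assumption.

```python
def parse_krb5(text):
    """Return (libdefaults, realms, domain_realm) from krb5.conf text.

    domain_realm is a list of (domain, realm) pairs in file order, because
    the ordering rule above depends on it.
    """
    libdefaults, realms, domain_realm = {}, {}, []
    section, open_realm = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, open_realm = line[1:-1].strip(), None
            continue
        if line == "}":
            open_realm = None
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            continue
        if section == "libdefaults":
            libdefaults[key] = value
        elif section == "realms" and value == "{":
            open_realm = key
            realms[key] = {}
        elif section == "realms" and open_realm:
            realms[open_realm][key] = value
        elif section == "domain_realm":
            domain_realm.append((key, value))
    return libdefaults, realms, domain_realm


def validate(text):
    """Return a list of findings; an empty list means the checks passed."""
    libdefaults, realms, domain_realm = parse_krb5(text)
    findings = []

    default = libdefaults.get("default_realm")
    if default is None:
        findings.append("libdefaults: default_realm is not set")
    elif default not in realms:
        findings.append(f"libdefaults: default_realm {default} has no [realms] entry")

    for name in realms:
        if name != name.upper():
            findings.append(f"realms: {name} is not uppercase")

    seen = []                                      # bare domains in file order
    for domain, realm in domain_realm:
        if realm not in realms:
            findings.append(f"domain_realm: {domain} maps to undefined realm {realm}")
        bare = domain.lstrip(".").lower()
        for earlier in seen:
            if bare != earlier and bare.endswith("." + earlier):
                findings.append(
                    f"domain_realm: child {domain} is listed after parent {earlier}")
                break
        seen.append(bare)
    return findings


# Single-domain layout from the steps above.
PAGE_SAMPLE = """
[libdefaults]
  default_realm = EXAMPLE.COM
  udp_preferences_limit = 1
[realms]
  EXAMPLE.COM = {
    kdc = example.com
    default_domain = example.com
  }
[domain_realm]
  .example.com=EXAMPLE.COM
  example.com=EXAMPLE.COM
"""

# Constructed sample: parent listed before child, plus a dangling realm.
CONSTRUCTED_BAD = """
[libdefaults]
  default_realm = EXAMPLE.COM
[realms]
  EXAMPLE.COM = {
    kdc = example.com
  }
  CORP.EXAMPLE.COM = {
    kdc = corp.example.com
  }
[domain_realm]
  .example.com=EXAMPLE.COM
  example.com=EXAMPLE.COM
  .corp.example.com=CORP.EXAMPLE.COM
  corp.example.com=CORP.EXAMPLE.COM
  .lab.example.org=LAB.EXAMPLE.ORG
"""

if __name__ == "__main__":
    for finding in validate(CONSTRUCTED_BAD):
        print("FINDING:", finding)
```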

2.4 Download vRO's vRA plugin

Skip this step for vRA 7.2 or greater

Download vRO's vRA plugin via: VMware's vRO Plug-In for vRA

Must have a VMware account to download. Two plugins are included in the plugin download

For instance, downloading o11nplugin-vcac-6.2.3-3004239.vmoapp will provide: 1) vCAC Infrastructure Administration plugin and 2) vCloud Automation Center plugin

2.5 Install vRO's vRA plugins

Perform the following for each vRO server

  1. Login to the vRO configuration page: https://vro-fqdn:8283/vco-controlcenter/#/ with user root
  2. Click on the Manage Plug-Ins icon
  3. Locate the Install plug-in section
  4. Drag the plugin .dar or .vmoapp file into the browse bar
  5. Click on Install
  6. Repeat Steps 4 and 5 for the second plugin
  7. Restart the vRO server
    1. On the Home page, click on the Startup Options icon
    2. Click on Restart
    3. Wait for vRO to restart successfully
  8. Log back in to the vRO configuration page
  9. Click on the Manage Plug-Ins icon
  10. Verify that the installed plugin is listed among the vRO plugins

2.6 Configure vRA endpoints in vRO

2.6.1 Add vRA host for tenant

Perform the following once in vRO for each vRA tenant

  1. Open the vRO client
  2. Login to the vRO server
  3. Click on the Design mode, located near the top-left corner of the client
  4. Click on the Workflows tab
  5. Run vRO workflow: /Library/vCloud Automation Center/Configuration/Add a vCAC host
  6. Fill out the form fields properly:
    Field | Value
    Hostname | vRA server
    Host URL | vRA URL
    Automatically install SSL certificates? | Yes
    Connection Timeout | Keep default
    Operation Timeout | Keep default
    Session mode | Shared Session
    Tenant | Primary vRA tenant for vRO to interact with
    Username | vRA Service Account username
    Password | vRA Service Account password
  7. Click Submit
The Add a vCAC host workflow should complete successfully

2.6.2 Add an IaaS host

Perform the following once in vRO for each vRA tenant

  1. Open the vRO client
  2. Login to the vRO server
  3. Click on the Design mode, located near the top-left corner of the client
  4. Click on the Workflows tab
  5. Run vRO workflow: /Library/vCloud Automation Center/Infrastructure Administration/Configuration/Add an IaaS host
  6. Fill out the form fields properly:
    Field | Value
    Name | IaaS Host FQDN
    Host URL | IaaS Host FQDN
    Automatically install SSL certificates | Yes
    Connection timeout (seconds) | Keep default
    Operation timeout (seconds) | Keep default
    Session mode | Shared Session
    Authentication username | Username without domain name
    Password | User's password
    Workstation for NTLM authentication | Leave as blank
    Domain for NTLM authentication | Domain
  7. Click Submit
The Add an IaaS host workflow should complete successfully

3. Environment setup

3.1 Setup WinRM

WinRM must be enabled for SovLabs modules utilizing any Windows (R2) servers in the environment (for AD, DNS, IPAM, Puppet, etc.)

3.1.1 Activate WinRM on a Windows server

Activating WinRM on a Windows server allows the SovLabs modules to function properly on proxy and/or target Windows servers (for AD, DNS, IPAM, etc.)

  1. Download the Activate WinRM PowerShell script

    Disclaimer: Please review the activate-winrm.ps1 PowerShell script and modify according to your best security practices. Rules in Windows Firewall are configured to allow for connectivity to/from vRA and vRO servers

  2. Login to the Windows server
  3. Upload the .ps1 file to desired directory
  4. Open PowerShell Run as Administrator
  5. Run the script by entering the full path to the script: C:\[folderpath]\activate-winrm.ps1
  6. WinRM should activate successfully

3.1.2 Enable activate WinRM on a vRA blueprint

Enabling activate WinRM on a vRA blueprint allows the SovLabs modules to function properly on provisioned VMs

  1. Download the Activate WinRM PowerShell script

    Disclaimer: Please review the activate-winrm.ps1 PowerShell script and modify according to your best security practices. Rules in Windows Firewall are configured to allow for connectivity to/from vRA and vRO servers

  2. Upload the activate-winrm.ps1 script onto a desired share server
  3. Login to vCenter
  4. Navigate to Home > Customization Specification Manager
  5. Edit desired Customization Specification(s)
  6. Click on Run Once tab and add the following commands:
    • cmd /c powershell -executionpolicy Bypass -noninteractive -file //{{share path}}/activate-winrm.ps1

      Replace {{share path}} with the path to the share that contains the activate-winrm.ps1 script

    • cmd /c shutdown /l /f

      If other commands exist, please make sure this command is at the very end. The command logs the Administrator off

  7. Click OK to save the modifications on the Customization Specification(s)
  8. Login to vRA tenant
  9. Navigate to blueprints: Design tab > Blueprints
  10. Edit desired blueprint(s)
  11. Click on the blueprint vSphere machine on the Design Canvas
  12. Click on Build Information tab on the blueprint
  13. Type in or verify the Customization Specification name in the Customization spec field
  14. Save blueprint by clicking on Finish

3.2 Configure Windows Member Server

Configure Windows Member Server with Remote Management and SSH server. If direct connection to your Windows Domain Controllers (DCs) is either restricted or otherwise not desired, a Windows Member Server configured for remote management can be used by the SovLabs plugin to manage AD and DNS entries.

The modules for DNS and AD require PowerShell cmdlets, so the Windows Member Server must be Windows 2012 or above.

The SovLabs Plugins for Microsoft AD and DNS use SSH as the connection method to the Windows Member Server. Therefore, the Member Server must have either Cygwin SSH server or Bitvise SSH server installed and configured.

Perform the following steps for each Windows Member server that will be utilized

  1. Login to the Windows server
  2. If this server will remotely manage Active Directory, install these Roles on your Member Server, under Role Administration Tools:
    1. Active Directory module for Windows PowerShell
    2. AD DS Tools
      1. Active Directory Administrative Center
      2. AD DS Snap-Ins and Command-Line Tools
    3. AD LDS Snap-ins and Command-Line Tools
  3. If this server is a domain controller, install AD Webservices
  4. If this server will remotely manage MS DNS, install DNS Server Tools:
    1. Access the Server Manager
    2. Click on Manage option on the top right menu > Add Roles and Features
    3. On the Add Roles and Features Wizard:
      1. Before You Begin: Click Next
      2. Installation Type: Accept defaults and click Next
      3. Server Selection: Accept defaults and click Next
      4. Server Roles: Accept defaults and click Next
      5. Features:
        1. Expand Remote Server Administration Tools
        2. Select DNS Server Tools
        3. Click Next
      6. Confirmation: Click Install
      7. Results: Verify valid results
  5. Install and configure SSH server appropriately for:

    Bitvise SSH Server is a third-party product which requires a valid license. See www.bitvise.com for details.

  6. If non-administrative rights are desired:
    1. Create a share
    2. Assign Modify (read/write) permissions to a user account

3.3 Firewall Rules

Source | Target | Protocol | Port(s) | Bi-directional | SovLabs Module(s)
vRO Server | Windows 2012 Member Servers | TCP | 22 | | Microsoft AD, Microsoft DNS
 | | UDP | | |
vRO Server | SovLabs Microsoft Endpoints for AD | TCP | 5985, 5986 | | Microsoft AD
vRO Server | SovLabs Microsoft Endpoints for DNS | UDP | | | Microsoft DNS
Windows 2012 Member Servers | SovLabs Microsoft Endpoints for AD | TCP | 53, 88, 135, 389, 464, 3268, 3269, 9389 | | Microsoft AD
Windows 2012 Member Servers | SovLabs Microsoft Endpoints for DNS | TCP | 53, 135, 389, 464 | | Microsoft DNS
vRO Server | Server Subnets | TCP | 22, 5985, 5986 | | All
 | | UDP | | |
vRO Server | Puppet Masters, Puppet CA, Puppet Console server | TCP | 22, 4433, 8140 | | Puppet Enterprise
 | | UDP | | |
vRO Server | Red Hat Satellite servers | TCP | 22, 80, 443 | | Red Hat Satellite
 | | UDP | | |

4. Configure SovLabs Plugin

4.1 Download & install SovLabs Plugin

Download the SovLabs plugin

Perform the following for each vRO server

  1. Login to the vRO configuration page: https://vro-fqdn:8283/vco-controlcenter/#/ with user root
  2. Click on the Manage Plug-Ins icon
  3. Locate the Install plug-in section
  4. Drag the plugin .dar or .vmoapp file into the browse bar
  5. Click on Install
  6. Restart the vRO server
    1. On the Home page, click on the Startup Options icon
    2. Click on Restart
    3. Wait for vRO to restart successfully
  7. Log back in to the vRO configuration page
  8. Click on the Manage Plug-Ins icon
  9. Verify that the installed plugin is listed among the vRO plugins

4.2 First install

SovLabs plugin has been downloaded and installed (Section 4.1)

Installing and configuring the SovLabs plugin is only performed once for each vRA tenant and vRO server the SovLabs vRA Extensibility modules interact with

  1. Open the vRO client
  2. Login to the vRO server
  3. Click on the Design mode, located near the top-left corner of the client
  4. Click on the Workflows tab
  5. Run vRO workflow: SovLabs/Configuration/SovLabs Configuration
  6. Fill out the SovLabs Configuration workflow form appropriately:
    Field | Instructions
    Main Configuration
    vRA Tenant Name for SovLabs Service and Catalog Items | Select the appropriate tenant
    Business Group Name to be associated with the SovLabs vRA Catalog Service | Select the appropriate business group
    Create SovLabs vRA Catalog Service? | Select 'Yes'
    Security Group | vRA service account in UPN format (e.g. group.domain.com)
      *Is the security group defined in vRA that will be entitled to the SovLabs vRA Catalog Service
    Publish License Content? | Select 'Yes'
    Upgrade Options
    Upgrade existing SovLabs vRA content? | Select 'No'
    Apply Upgrade Transformations? | Select 'No'
    Lifecycle Configuration - Install/Upgrade
    Install or Update SovLabs lifecycle stubs (vRA6.x) or workflow subscriptions (vRA7.x)? | Select 'Yes'
      *Enables vRA to call vRO during machine lifecycles
    Lifecycle Configuration - MachineBuilding
    MachineBuilding Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided
    MachineBuilding Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent
    Lifecycle Configuration - MachineProvisioned
    MachineProvisioned Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided
    MachineProvisioned Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent
    Lifecycle Configuration - Pre-Disposing
    Pre-Disposing Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided
    Pre-Disposing Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent
    Lifecycle Configuration - Post-Disposing
    Post-Disposing Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided
    Post-Disposing Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent
  7. Click Submit
  8. Verify that the SovLabs Configuration workflow completed successfully

4.3 Performing an update

New SovLabs plugin has been downloaded and installed (Section 4.1)

Installing and configuring the SovLabs plugin is only performed once for each vRA tenant and vRO server the SovLabs vRA Extensibility modules interact with

  1. Open the vRO client
  2. Login to the vRO server
  3. Click on the Design mode, located near the top-left corner of the client
  4. Click on the Workflows tab
  5. Run vRO workflow: SovLabs/Configuration/SovLabs Configuration
  6. Fill out the SovLabs Configuration workflow form appropriately:
    Field | Instructions
    Main Configuration
    vRA Tenant Name for SovLabs Service and Catalog Items | Select the appropriate tenant
    Business Group Name to be associated with the SovLabs vRA Catalog Service | Select the appropriate business group
    Create SovLabs vRA Catalog Service? | Select 'No'
    Security Group | vRA service account in UPN format (e.g. group.domain.com)
      *Is the security group defined in vRA that will be entitled to the SovLabs vRA Catalog Service
    Publish License Content? | Select 'No'
    Upgrade Options
    Upgrade existing SovLabs vRA content? | Select 'Yes'
    Apply Upgrade Transformations? | Select 'No'
    Lifecycle Configuration - Install/Upgrade
    Install or Update SovLabs lifecycle stubs (vRA6.x) or workflow subscriptions (vRA7.x)? | Select 'Yes' only if modifications are necessary
      *Enables vRA to call vRO during machine lifecycles
    Lifecycle Configuration - MachineBuilding
    MachineBuilding Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided
    MachineBuilding Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent
    Lifecycle Configuration - MachineProvisioned
    MachineProvisioned Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided
    MachineProvisioned Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent
    Lifecycle Configuration - Pre-Disposing
    Pre-Disposing Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided
    Pre-Disposing Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent
    Lifecycle Configuration - Post-Disposing
    Post-Disposing Lifecycle Priority | Defaulted to a number - 0 being the highest priority. Use the default values provided
    Post-Disposing Lifecycle Timeout | Defaulted to a number in minutes. Use the default values presented during the install process as they are vRA version dependent
  7. Click Submit
  8. Verify that the SovLabs Configuration workflow completed successfully

4.4 Verifying SovLabs plugin

4.4.1 Verify via vRO

  1. Open the vRO client
  2. Login to the vRO server
  3. Click on the Design mode, located near the top-left corner of the client
  4. Click on the Inventory tab
  5. Verify that the SovLabs vRA Extensibility Modules plugin exists

4.4.2 Verify via vRA

  1. Login to the desired vRA tenant
  2. Click on the Catalog tab
  3. Verify that the Add License - SovLabs Modules catalog exists

SovLabs Extensibility modules

Add module license(s)

Add module license

Each SovLabs Extensibility Module will require a license to enable functionality

Once SovLabs Extensibility modules have been purchased, an email with order details and license keys attached will be sent

Perform the following steps for each license on all vRA tenant(s)

  1. Login to the desired vRA tenant
  2. Click on the Catalog tab
  3. Click on the Add License - SovLabs Modules catalog item
  4. Fill out the form fields properly:
    Field | Instructions
    Product ID | Copy & paste the license key's file name (e.g. SL-VRA-XXXX)
    License Key (including header) | Copy & paste the entire license file attachment contents into this field
  5. Click Submit
Successful execution results in the additional catalog item(s) pertaining to the module in the Catalog page.

Custom Naming

Server naming standards are a fact of life for most organizations. Hostnames are the most basic label that apply to all servers, and this identifier has operational value well beyond name resolution. Hostnames help multiple IT and application teams quickly identify and categorize any given server, revealing its function, role, operating system, environment, location or other attributes.

SovLabs enables administrators to easily manage multiple naming standards through data-driven profiles, allowing IT to keep up with changing architectural and application standards or changes to the business such as department/budget re-alignment, acquisitions or mergers. Take control of your hostnames with SovLabs Custom Naming and drive standardization throughout your environment.

The SovLabs Custom Naming Module gives IT administrators a flexible way to meet their server naming standards with vRealize Automation. With Custom Naming from SovLabs, easily create independent data-driven naming sequences and standards so that servers provisioned through vRealize Automation will adhere to specific naming conventions.

The SovLabs Custom Naming module is often used in conjunction with other modules from the SovLabs Core Pack, including Active Directory and interchangeable DNS and IPAM modules.

Quick start process

  1. Define Naming Sequence
  2. Define Naming Standard
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible naming standards that include one or more sequences
  • Naming standards consist of a mix of static text and dynamic content such as vRA custom properties and/or custom logic
  • Validates against DNS and vRA database to determine hostname availability
  • Includes advanced selective locking, preventing duplication of hostnames with parallel provisioning without sacrificing performance
  • Allows for creation of multiple types of sequences such as decimal, hex, octal, binary, or custom pattern
  • Dynamic sequences are possible using the pattern type, which can utilize vRA properties (utilizing the SovLabs Template Engine) in combination with custom logic and one or many sequence types
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • Includes option to allow for reuse of sequence values, e.g. for gaps left when machines have been de-provisioned
  • Includes options for sequence length, padding character, initial value
  • Sequences can be updated at any time, for scenarios like increasing sequence length or setting a new initial value (e.g. set next sequence value at 500 instead of 030)
  • Supports creation of multiple naming sequences and standards as needed

Prerequisites

  1. Have naming standard(s) that accounts for different scenarios for your company
  2. Login to the vRA tenant
    1. Add license for Custom Naming module
    2. Validate the following show up on the Catalog page:
      1. Add Naming Sequence
      2. Add Naming Standard

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Naming Sequence
    Add Naming Sequence
    Naming Sequence

    A naming sequence can be used in one or more Naming Standards

    Field | Value
    Sequence label | Unique name for sequence
      *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Sequence type | Choose a sequence type:
      • Decimal (Base 10): 0-9 for each digit
      • HexaDecimal (Base 16): 0-F for each digit
      • Octal (Base 8): 0-7 for each digit
      • Pattern (Mixed bases and static text): a flexible pattern that allows for unique naming sequences
    Reuse sequence values? | Select Yes to reuse a sequence number if it is available
    Max sequence length | What is the maximum number of the sequence length? If a ### sequence is desired, type in 3 for a three digit sequence length
      Shown only when Decimal, HexaDecimal or Octal is selected as the sequence type
    Initial value | What is the initial number the sequence starts off with (0 or 1)?
      *Do not pad this initial value number
    Sequence padding | Numerical value to pad the sequence to the left in the event that the sequence does not meet the required max sequence length. Defaults to 0
      Shown only when Decimal, HexaDecimal or Octal is selected as the sequence type
    Pattern type format |
      Shown only when Pattern is selected as the sequence type
    Unique key | Optional
  3. On the Catalog page, click on the Request button for: Add Naming Standard
    Add Naming Standard
    Naming Standard

    A naming standard is a template that generates a specific hostname

    Field | Value
    Naming standard label | Unique name for naming standard
      *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Used for multi-machine containers? | Select Yes if the naming standard will be used for multi-machine containers
    Select sequence(s) | Select the sequences that will be a part of the naming standard
    Template | Define the naming standard template that will generate the hostname
      The template must include the sequence(s): {{ sequence.SEQUENCENAME }}
      Can be templated: SovLabs Template Engine

Usage

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate Naming Standard property group:
        • Starts with SovLabs-NamingStandard- for single machine scenarios
        • Starts with SovLabs-NamingStandardMultiMachineContainer for multi-machine container scenarios
        • Do not attach more than 1 Naming Standard property group to a blueprint

    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Disable

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Naming Standard property group:
        • Starts with SovLabs-NamingStandard- for single machine scenarios
        • Starts with SovLabs-NamingStandardMultiMachineContainer for multi-machine container scenarios
    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Example(s)

Configure Pattern Type

Pattern naming sequences are designed to be flexible, multiple-base sequences that can match most sequence types used in the industry.

Pattern naming sequences can contain the following types of bases:

Type          Pattern Key   Default Value   Range
Decimal       #             0               0-9
HexaDecimal   x             0               0-F
Octal         o             0               0-7
Binary        b             0               0-1
Alpha         a             a               a-z

All Pattern Keys are to be defined inside / /, for instance: /a#b/ is a sequence of alpha, decimal, and binary numbers/letters.

A unique feature of the pattern naming standard is that the sequence can contain static or template text in the sequence, yet the sequence increments as you would expect ignoring the text.

For example, a pattern of /a/StaticText/b/ will result in the following sequence values:

aStaticText0, aStaticText1, bStaticText0, bStaticText1, cStaticText0. . .

As you can see, the part of the sequence inside the / / (the counter) increments while the text outside of the / / remains static; when the rightmost digit rolls over, the next significant digit increases, as one would expect. This can be used with or without static text.

If a template is used, the counter is incremented first and then the template is rendered. This means that if you have a property called "App" and you use it in a pattern such as /#/{{App}}/#/:

  • First run, if App = “Test” => sequence value is 0Test1
  • Second run, if App = “Foo” => sequence value is 0Foo2
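The pattern rules above, worked through as an added Python sketch (not SovLabs code). The function names are hypothetical, the `{{ Name }}` substitution is a simplified stand-in for the SovLabs Template Engine, and raising an error when the counter is exhausted is an assumption, since the page does not describe that case.

```python
import re
from math import prod

# Pattern keys and their digit alphabets, taken from the table above.
ALPHABETS = {
    "#": "0123456789",                  # Decimal
    "x": "0123456789ABCDEF",            # HexaDecimal
    "o": "01234567",                    # Octal
    "b": "01",                          # Binary
    "a": "abcdefghijklmnopqrstuvwxyz",  # Alpha
}

# Simplified stand-in for the SovLabs Template Engine (assumption):
# only plain {{ Name }} property references are substituted.
_PROPERTY = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def parse_pattern(pattern):
    """Split a pattern into ("digit", key) and ("text", literal) tokens.

    Text between a pair of slashes is a run of pattern keys; everything
    outside the slashes is static or template text.
    """
    parts = pattern.split("/")
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced / / delimiters in %r" % pattern)
    tokens = []
    for index, part in enumerate(parts):
        if index % 2 == 1:  # inside / /
            for key in part:
                if key not in ALPHABETS:
                    raise ValueError("unknown pattern key %r" % key)
                tokens.append(("digit", key))
        elif part:
            tokens.append(("text", part))
    if not any(kind == "digit" for kind, _ in tokens):
        raise ValueError("pattern has no counter digits")
    return tokens


def capacity(tokens):
    """Number of distinct counter values the pattern can represent."""
    return prod(len(ALPHABETS[key]) for kind, key in tokens if kind == "digit")


def render(tokens, counter, properties=None):
    """Render the value for an integer counter (0 = every digit at its default)."""
    if not 0 <= counter < capacity(tokens):
        # Exhaustion behaviour is not described on the page; this sketch refuses.
        raise OverflowError("counter %d exceeds pattern capacity" % counter)
    # Mixed-radix conversion: the rightmost digit is the least significant,
    # and text between digit groups does not interrupt the carry.
    digits = []
    for kind, key in reversed(tokens):
        if kind == "digit":
            counter, remainder = divmod(counter, len(ALPHABETS[key]))
            digits.append(ALPHABETS[key][remainder])
    # digits is least-significant first, so pop() yields the leftmost digit.
    properties = properties or {}
    out = []
    for kind, value in tokens:
        if kind == "digit":
            out.append(digits.pop())
        else:
            out.append(_PROPERTY.sub(lambda m: str(properties[m.group(1)]), value))
    return "".join(out)


def first_values(pattern, count, properties=None):
    """Render the first `count` values of a pattern, starting at the defaults."""
    tokens = parse_pattern(pattern)
    return [render(tokens, n, properties) for n in range(count)]


if __name__ == "__main__":
    print(first_values("/a/StaticText/b/", 5))
    # The counter is incremented first, then the template is rendered,
    # so the first run uses counter value 1 and the second run uses 2.
    app_tokens = parse_pattern("/#/{{App}}/#/")
    print(render(app_tokens, 1, {"App": "Test"}))
    print(render(app_tokens, 2, {"App": "Foo"}))
```

`capacity()` shows how many hostnames a pattern can produce before it runs out, for example 520 for /a#b/.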

Custom Notifications

The SovLabs Notifications Module provides an easy yet highly flexible way to send email or REST-based web service notifications based on the success or failure of machine lifecycle events.

This is extremely useful for driving email based automation systems with minimal complexity, or driving web services via REST with dynamic JSON payloads such as ticketing or service management systems.

Quick start process

  1. Define Notification(s)
  2. Define a Notification Group
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible notifications and add them to notification groups
  • Supports REST-based web services or email notifications
  • Notification email subject, body, addresses or web service address and JSON body can consist of a mix of static text and dynamic content such as vRA custom properties and/or custom logic
  • Email notifications consist of message server(s), email groups/addresses (to, cc, bcc), from address, to address, subject and body
  • REST-based notifications consist of a title and JSON body
  • Supports SSL/TLS or unencrypted communications
  • Message servers (email or REST) can be defined independently of notifications
  • Credentials for message servers (email or REST) can be defined independently and re-used among message servers
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic

Prerequisites

  1. User account with permissions to the webservices and/or email servers desired
  2. Login to the vRA tenant
    1. Add license for Custom Notifications module
    2. Validate the following show up on the Catalog page:
      1. Add Notification Configuration
      2. Add Notification Group Configuration
      3. Add MessageServer Configuration
      4. Add EmailGroup Configuration
      5. Add Authorization Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    Field    Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server configuration
    New Message Server?

    Select Yes to create a new message server

    Select No to choose an existing message server

    Message Server

    *Only shown when 'New Message Server' is No

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Only shown when 'New Message Server' is Yes

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label for message server

    Message Server Address

    *Only shown when 'New Message Server' is Yes
    Message Server address

    Please note, for a WebService, the request body is used as type JSON to deliver data to the web service it is connecting to.

    The address will not be modified by SovLabs' module to provide data via the URL. If the request is directed at a specific method for the call please include that as part of the address parameter.

    *If the WebService address is: webserver.domain.com and the URL directive for method is: /logmessage, the resulting Message server address should be: webserver.domain.com/logmessage

    Enable SSL?

    *Only shown when 'New Message Server' is Yes

    Choose whether or not SSL is enabled on the message server
    Message Server Port

    *Only shown when 'New Message Server' is Yes

    Message Server port
    Message Server Type

    *Only shown when New Message Server is Yes

    Select whether this message server is an Email or WebService type
    Message Server HTTP Verb

    *Only shown when New Message Server is Yes and Message Server Type is WebService

    Select the HTTP Verb

    Whichever HTTP verb is selected, the JSON body content is what directs the server's behavior. The Notifications module does not modify the URL with parameters.

    Message Server Protocol

    *Only shown when 'New Message Server' is Yes

    Select the appropriate protocol
    Enable Authentication?

    *Only shown when 'New Message Server' is Yes

    Select whether authentication is enabled on the message server
    New Authentication?

    Select No to choose from existing authentications

    Select Yes to create a new authentication

    Authentication

    *Only shown when 'Enable Authentication' is Yes and 'New Authentication' is No

    Select the appropriate authentication from an existing list of authentications

    Authentication configuration label

    *Only shown when 'New Authentication' is Yes

    Unique name for authentication.

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _
    Username

    *Only shown when 'New Authentication' is Yes

    Username

    Password

    *Only shown when 'New Authentication' is Yes

    Username's password

    Enable Start TLS?

    *Only shown when 'New Authentication' is Yes and 'Message Server Type' is Email

    Select whether or not to enable start TLS

    Network timeout Defaulted to 6000
    Email Group configuration

    *Only shown when the 'Message Server Type' is Email

    New Email Group?

    Select Yes to create a new email group

    Select No to choose an existing email group

    Email Group

    *Only shown when 'New Email Group' is No

    Select the desired email group from a list of existing email groups
    Email Group configuration label

    *Only shown when 'New Email Group' is Yes

    *Only shown when 'New Message Server' is Yes

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label for email group configuration

    To addresses

    *Only shown when New Email Group is Yes

    Enter all the email addresses to send the notification to

    Can be templated: SovLabs Template Engine

    CC addresses

    *Only shown when 'New Email Group' is Yes

    Enter all the CC'ed email addresses to send the notification to

    Can be templated: SovLabs Template Engine

    BCC addresses

    *Only shown when 'New Email Group' is Yes

    Enter all the BCC'ed email addresses to send the notification to

    Can be templated: SovLabs Template Engine

    Notification configuration
    Configuration label

    *Only shown when 'New Message Server' is Yes

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label for notification configuration

    Notification State Select whether to send the notification on success and/or error states
    Format Select the appropriate format
    From address The address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title Notification title

    Can be templated: SovLabs Template Engine

    Body Body message.

    For a WebService, the only payload accepted is a JSON payload

    Can be templated: SovLabs Template Engine

  3. On the Catalog page, click on the Request button for: Add Notification Group Configuration
    Notification Group Configuration

    A Notification Group configuration holds multiple notification configurations

    Field    Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Notifications Select all notification configurations for this notification group

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate Notification Group property group (starts with SovLabs-NotificationGroup-)

        Do not attach more than 1 Notification Group property group to a blueprint

    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Notification Group property group: (starts with SovLabs-NotificationGroup-)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Microsoft Active Directory

Microsoft Active Directory (AD) is a crucial requirement in most Windows server deployments. With the SovLabs Microsoft Active Directory module for vRealize Automation, organizations can flexibly drive Windows server registration with Microsoft Active Directory.

The SovLabs Microsoft Active Directory registration module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming and interchangeable DNS and IPAM modules.

Quick start process

  1. Define Microsoft endpoint(s)
  2. Define Active Directory configuration(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible Active Directory configurations that include one or more Microsoft endpoints
  • Handles simple to complex globally distributed multi-domain, multi-site MS AD environments
  • Registers/cleans computer account with Active Directory
  • Supports placement in a “build OU” during provisioning in order to facilitate software deployments/configurations that require a less restrictive Group Policy
  • Supports moving to a final OU post-provisioning
  • Supports dynamic creation and removal of OUs
  • Supports adding the computer account to existing Active Directory security groups
  • OU and Security Group designations are dynamic templated fields utilizing the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • Employs several methods to improve reliability of registration/cleanup to mitigate failures, such as retry logic and post validation checks
  • Microsoft endpoints can also be used with the SovLabs Microsoft IPAM and Microsoft DNS modules

Prerequisites

  1. Define your domain controller server(s) and whether or not proxy servers will be used
  2. Install AD Webservices on all the domain controllers that will be used
  3. Ensure NTP is set up correctly
  4. Login to the vRA tenant
    1. Add license for Microsoft Active Directory module
    2. Validate the following show up on the Catalog page:
      1. Add Microsoft Endpoint
      2. Add ActiveDirectory Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Microsoft Endpoint
    Microsoft Endpoint

    A Windows 2012 R2 member server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

    Field    Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique endpoint name

    Connection method Select how the SovLabs modules will connect to the target or proxy Microsoft server
    Hostname or IP address

    If 'Is this a proxy host' is set to Yes, this is the proxy server for the target AD server

    AD server (FQDN) or IP address
    Use non-standard port? Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port
    Port

    *Only shown when 'Use non-standard port' is Yes

    Input the non-standard port for this endpoint
    Username Username (UPN format) that has permissions to add/remove records to/from AD servers
    Password User's password
    Is this a proxy host?

    Proxy hosts are limited to the SSH connection method only

    Choose whether or not to utilize a proxy host to make remote commands to the target AD server

    Remote Server hostname or IP address:

    *Only shown when 'Is this a proxy host' is Yes

    The target AD server
    Advanced Configuration
    Temporary directory where scripts will be placed If not provided, will default to C:\Windows\temp
    Share path for temporary directory to access Define if administrative shares are not available

    Type in path\share instead of \\share-server\path\share

  3. On the Catalog page, click on the Request button for: Add ActiveDirectory Configuration
    Active Directory Configuration

    A naming standard is a template that generates a specific hostname

    Field    Value
    General
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Hosts Select all the Microsoft Endpoint hosts configured for Active Directory
    Build OU
    Use Build OU?

    If Yes, a VM during its machineBuilding vRA lifecycle will be placed in an interim OU (Build OU)

    Once the VM has finished building and provisioning, the VM will be placed in the [final] OU

    Build OU

    ActiveDirectory Organizational Unit (OU) in DN format for VM to join prior to completing provisioning

    Create Build OU? Select Yes, to create Build OU if it does not exist
    Remove OU? Select Yes, to remove Build OU if it does not have any children and is empty
    OU
    OU

    ActiveDirectory Organizational Unit (OU) in DN format for VM to join

    Create OU? Select Yes, to create OU if it does not exist
    Remove OU? Select Yes, to remove OU if it does not have any children and is empty
    Security Group(s)
    AD Security Group(s)

    List all Security Group(s) for server to join

    *Can be a static value of either FQDNs or short names (if short names are unique)

    Advanced
    Delete computer accounts based on computer name? Selecting Yes will attempt to find computer account and remove it, regardless of what OU it is in

Usage

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate Microsoft Active Directory property group (starts with SovLabs-AD-)

        Do not attach more than 1 Microsoft Active Directory property group to a blueprint

    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Disable

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Microsoft Active Directory property group: (starts with SovLabs-AD-)
    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Example(s)

OU={{teamID | downcase }},OU={{ORGID | upcase}},OU={{LOCATION | substring: 0,2 | downcase}},DC=sovlabs,DC=net

Assuming the following properties (teamID, ORGID, LOCATION) are defined on the vRA Blueprint or inherited from the Business Group or Compute Resources, etc.

The resulting OU will be: OU=development,OU=E712,OU=atl,DC=sovlabs,DC=net

Assuming:

teamID = development
ORGID = e712
LOCATION = Atlanta

Infoblox DNS

DNS is both a fundamental and critical component of any cloud – private, hybrid, or public. Any DNS inaccuracies due to stale, duplicate or orphaned DNS records can stop a cloud in its tracks, preventing customers from getting VMs and services they’ve requested from the vRealize Automation service catalog.

With the SovLabs Infoblox DNS module for vRealize Automation, organizations who utilize Infoblox for DNS hosting now have a fully automated method of controlling DNS records as the cloud environment dynamically scales, reducing the support burden and increasing the chances of successful ITaaS deployments from the vRealize service catalog.

The SovLabs Infoblox DNS module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable IPAM modules.

Quick start process

  1. Define Infoblox endpoint(s)
  2. Define DNS configuration(s)
  3. Provision!

Features

  • Create flexible DNS configurations that include one or more Infoblox endpoints
  • Supports one or more domains and networks in a single DNS configuration
  • Drives advanced Infoblox features such as Extensible Attributes and DNS Views flexibly via the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • Employs several methods to improve DNS data integrity and mitigate issues from stale, duplicate or orphaned DNS records, such as retry logic, record availability and DNS propagation/post validation checks
  • DNS configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional DNS providers with other DNS modules from SovLabs
  • Allows for independent configurations for forward and reverse records, if desired
  • Infoblox endpoints can also be used with the SovLabs Infoblox IPAM module
  • SovLabs DNS configurations may also be used with SovLabs network load balancer modules
  • Optional feature to designate a default DNS configuration if the domain(s) or network(s) are not matched to any other DNS configuration(s)
  • Supports up to 10 network interfaces per machine

Prerequisites

  1. Infoblox user on (all) Infoblox appliance(s) with the following permissions:
    • API access configured
    • Add/remove Host Records, A Records and/or PTR Records
  2. Infoblox WAPI version must be 1.2+

    Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner

  3. Login to the vRA tenant
    1. Add license for Infoblox DNS module
    2. Validate the following show up on the Catalog page:
      1. Add Infoblox Host
      2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Infoblox Host
    Infoblox Host

    An Infoblox host is the Infoblox appliance where the DNS records are created/removed via the Infoblox API

    Field    Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Infoblox Hostname Infoblox appliance's FQDN or IP address
    HTTPS Select whether or not the Infoblox appliance is HTTPS
    Port

    Normally 443 for HTTPS and 80 for HTTP

    Infoblox appliance port
    Username Infoblox user that has API access and permissions to add/remove records to/from Infoblox
    Password User's password
    WAPI Version

    Select 1.2 if WAPI version is less than 2.0

    Select 2.0 if WAPI version is 2.0 or greater

    DNS view *Optional - What is the DNS view this endpoint supports?
    Network view *Optional - What is the Network view this endpoint supports?
    Advanced Options

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for each of the record types

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

  3. On the Catalog page, click on the Request button for: Add DNS Configuration
    DNS Configuration

    A naming standard is a template that generates a specific hostname

    Field    Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Domains Add in all domains for this DNS configuration to support
    Networks Add in all the networks (X.x.x.x/CIDR) for this DNS configuration to support
    DNS server type Select Infoblox
    DNS Hosts Select all desired Infoblox hosts
    Create A Records? Select Yes to create A Records
    Create PTR Records? Select Yes to create PTR Records
    Create Host records? Select Yes to create Host Records
    Use as default server?

    Select Yes to have this DNS configuration be the default if domain or network is not matched in any other DNS configuration(s)

    Only recommended for simple DNS configurations

Usage

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
    4. Click OK
  3. Repeat Step 2 for all desired blueprints
  4. Click on the Infrastructure tab > Reservations > Reservations
  5. Hover over the reservation in association with the Infoblox DNS configured domain and click Edit
    1. Click on the Network tab
    2. Check the appropriate network path and select the appropriate Network Profile from the dropdown
    3. Click OK

The next provisioned VM will automatically attempt to register with Infoblox DNS only if the VM is in the configured domain and network defined for Infoblox DNS

Advanced

Register with additional DNS zones for the same NIC and hostname

  1. Verify a DNS configuration exists for the additional DNS zones
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_AdditionalDNSSuffixes for the Name field
      3. For the Value field:
        • Type in a list of additional DNS zones to register the host
        • Must be comma separated
        • Example: zone1.com,zone2.com
      4. Click on the button
    4. Click OK
  4. Repeat Step 2 for all desired blueprints

Disable

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_DisableDNS for the Name field
      3. Type in true for the Value field
      4. Click on the button
    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Microsoft DNS

DNS is both a fundamental and critical component of any cloud – private, hybrid, or public. Any DNS inaccuracies due to stale, duplicate or orphaned DNS records can stop a cloud in its tracks, preventing customers from getting VMs and services they’ve requested from the vRealize Automation service catalog.

With the SovLabs Microsoft DNS module for vRealize Automation, organizations who utilize Microsoft for DNS hosting now have a fully automated method of controlling DNS records as the cloud environment dynamically scales, reducing the support burden and increasing the chances of successful ITaaS deployments from the vRealize service catalog.

The SovLabs Microsoft DNS module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Microsoft Active Directory and interchangeable IPAM modules.

Quick start process

  1. Define Microsoft endpoint(s)
  2. Define DNS configuration(s)
  3. Provision!

Features

  • Create flexible DNS configurations that include one or more Microsoft endpoints
  • Handles simple to complex globally distributed multi-zone, multi-site MS DNS environments
  • Supports one or more domains and networks in a single DNS configuration
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • Employs several methods to improve DNS data integrity and mitigate issues from stale, duplicate or orphaned DNS records, such as retry logic, record availability and DNS propagation/post validation checks
  • DNS configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional DNS providers with other DNS modules from SovLabs
  • Allows for independent configurations for forward and reverse records, if desired
  • Microsoft endpoints can also be used with the SovLabs Microsoft IPAM and Active Directory modules
  • SovLabs DNS configurations may also be used with SovLabs network load balancer modules
  • Optional feature to designate a default DNS configuration if the domain(s) or network(s) are not matched to any other DNS configuration(s)
  • Supports up to 10 network interfaces per machine

Prerequisites

  1. Define your domain controller server(s) and whether or not proxy servers will be used
  2. Install AD Webservices on all the domain controllers that will be used
  3. Ensure NTP is set up correctly
  4. Login to the vRA tenant
    1. Add license for Microsoft DNS module
    2. Validate the following show up on the Catalog page:
      1. Add Microsoft Endpoint
      2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Microsoft Endpoint
    Microsoft Endpoint

    A Windows 2012 R2 member server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

    Field    Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique endpoint name

    Connection method Select how the SovLabs modules will connect to the target or proxy Microsoft DNS server
    Hostname or IP address

    If 'Is this a proxy host' is set to Yes, this is the proxy server for the target DNS server

    DNS server (FQDN) or IP address
    Use non-standard port? Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port
    Port

    *Only shown when 'Use non-standard port' is Yes

    Input the non-standard port for this endpoint
    Username Username (UPN format) that has permissions to add/remove records to/from DNS server
    Password User's password
    Is this a proxy host?

    Proxy hosts are limited to the SSH connection method only

    Choose whether or not to utilize a proxy host to make remote commands to the target DNS server

    Remote Server hostname or IP address:

    *Only shown when 'Is this a proxy host' is Yes

    The target DNS server
    Advanced Configuration
    Temporary directory where scripts will be placed If not provided, will default to C:\Windows\temp
    Share path for temporary directory to access Define if administrative shares are not available

    Type in path\share instead of \\share-server\path\share

  3. On the Catalog page, click on the Request button for: Add DNS Configuration
    DNS Configuration

    A naming standard is a template that generates a specific hostname

    Field    Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Domains Add in all domains for this DNS configuration to support
    Networks Add in all the networks (X.x.x.x/CIDR) for this DNS configuration to support
    DNS server type Select MS DNS
    DNS Hosts Select all desired Microsoft endpoints
    Create A Records? Select Yes to create A Records
    Create PTR Records? Select Yes to create PTR Records
    Use as default server?

    Select Yes to have this DNS configuration be the default if domain or network is not matched in any other DNS configuration(s)

    Only recommended for simple DNS configurations

Usage

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
    4. Click OK
  3. Repeat Step 2 for all desired blueprints
  4. Click on the Infrastructure tab > Reservations > Reservations
  5. Hover over the reservation in association with the Microsoft DNS configured domain and click Edit
    1. Click on the Network tab
    2. Check the appropriate network path and select the appropriate Network Profile from the dropdown
    3. Click OK

The next provisioned VM will automatically attempt to register with Microsoft DNS only if the VM is in the configured domain and network defined for Microsoft DNS

Advanced

Register with additional DNS zones for the same NIC and hostname

  1. Verify a DNS configuration exists for the additional DNS zones
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_AdditionalDNSSuffixes for the Name field
      3. For the Value field:
        • Type in a list of additional DNS zones to register the host
        • Must be comma separated
        • Example: zone1.com,zone2.com
      4. Click on the button
    4. Click OK
  4. Repeat Step 2 for all desired blueprints

Disable

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_DisableDNS for the Name field
      3. Type in true for the Value field
      4. Click on the button
    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Infoblox IPAM

IP Address Management (IPAM) is a means of planning, tracking, and managing the IP address space used in a network. Many organizations choose enterprise IPAM solutions in order to give them centralized visibility and control of their entire IP space.

With the SovLabs Infoblox IPAM module for vRealize Automation, organizations who utilize Infoblox for centralized IP address management now have a fully automated method of obtaining and releasing IP addresses as the cloud environment dynamically scales. IP subnets can now easily be shared between vRA deployments and alongside existing tools and devices without fear of IP conflict.

The SovLabs Infoblox IPAM module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable DNS modules.

Quick start process

  1. Define Infoblox endpoint(s)
  2. Define IPAM profile(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible IPAM profiles that include one or more Infoblox endpoints
  • Drives advanced Infoblox features such as Extensible Attributes and DNS Views flexibly via the SovLabs Template Engine
  • Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
  • IPAM profiles include basic IP information such as DNS and WINS configurations
  • IPAM profiles can be pinned to specific NIC numbers
  • IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
  • IPAM profiles allow for a list of excluded IP addresses
  • IPAM profile fields can be dynamic, utilizing the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
  • Infoblox endpoints can also be used with the SovLabs Infoblox DNS module
  • SovLabs IPAM configurations may also be used with SovLabs network load balancer modules

Prerequisites

  1. Infoblox user on (all) Infoblox appliance(s) with the following permissions:
    • API access configured
    • Add/remove Host Records, A Records and/or PTR Records
  2. Infoblox WAPI version must be 1.2+

    Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner for the WAPI version

  3. Login to the vRA tenant
    1. Add license for Infoblox IPAM module
    2. Validate the following show up on the Catalog page:
      1. Add Infoblox Host
      2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Infoblox Host
    Infoblox Host

    An Infoblox host is the Infoblox appliance where the DNS records are created/removed via the Infoblox API

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Infoblox Hostname Infoblox appliance's FQDN or IP address
    HTTPS Select whether or not the Infoblox appliance is HTTPS
    Port

    Normally 443 for HTTPS and 80 for HTTP

    Infoblox appliance port
    Username Infoblox user that has API access and permissions to add/remove records to/from Infoblox
    Password User's password
    WAPI Version

    Select 1.2 if WAPI version is less than 2.0

    Select 2.0 if WAPI version is 2.0 or greater

    DNS view *Optional - What is the DNS view this endpoint supports?
    Network view *Optional - What is the Network view this endpoint supports?
    Advanced Options

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for each of the record types

    Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

  3. On the Catalog page, click on the Request button for: Add IPAM Profile
    IPAM Profile

    An IPAM profile defines necessary IPAM information

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Description *Optional - Description of IPAM profile
    IPAM type Select Infoblox
    Provider host

    Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added a SolarWinds Database Endpoint

    Select the desired Infoblox Host

    Subnets, Gateways and Network names Subnet: X.x.x.x/CIDR
    Gateway: X.x.x.x
    NetworkName: Utilize the SovLabs Template Engine
    1. Type in a subnet and its gateway and network name (all comma separated) into the input field

      (e.g. 10.0.0.0/24, 10.0.0.1, networkName)

    2. Click the green to add the entry into the array
    3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered
    Excluded IPs Enter all IPs to be excluded (e.g. 10.0.0.1)
    NIC number Enter in a NIC number (0-9) for this IPAM profile
    Primary DNS Input the Primary DNS
    Secondary DNS Input the Secondary DNS
    DNS suffix Input the DNS suffix
    DNS search suffix Input the DNS search suffix(es) (comma separated)
    Primary WINS Input the Primary WINS
    Secondary WINS Input the Secondary WINS

Usage

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Reservations > Network Profiles
  3. Hover over the network profile that best matches the network for this IPAM and click Edit
    1. On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
    2. Click OK
  4. Click on the Reservation menu item from Infrastructure tab > Reservations
  5. Hover over the reservation in association with the network profile from Step 3 and click Edit
    1. Click on the Network tab
    2. Uncheck all network paths
    3. Clear all the Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
    4. Click OK
  6. Click on the Design tab > Blueprints
  7. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#)

        Do not attach more than 1 IPAM property group to a blueprint

    4. Click OK
  8. Repeat Step 7 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the IPAM property group: (starts with SovLabs-IPAM- and ends with -nic#)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Microsoft IPAM

IP Address Management (IPAM) is a means of planning, tracking, and managing the IP address space used in a network. Many organizations choose enterprise IPAM solutions in order to give them centralized visibility and control of their entire IP space.

With the SovLabs Microsoft IPAM module for vRealize Automation, organizations who utilize Microsoft IPAM for centralized IP address management now have a fully automated method of obtaining and releasing IP addresses as the cloud environment dynamically scales. IP subnets can now easily be shared between vRA deployments and alongside existing tools and devices without fear of IP conflict.

The SovLabs Microsoft IPAM module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable DNS modules.

Quick start process

  1. Define Microsoft endpoint(s)
  2. Define IPAM profile(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible IPAM profiles that include one or more Microsoft endpoints
  • Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
  • IPAM profiles include basic IP information such as DNS and WINS configurations
  • IPAM profiles can be pinned to specific NIC numbers
  • IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
  • IPAM profiles allow for a list of excluded IP addresses
  • IPAM profile fields can be dynamic, utilizing the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
  • Microsoft endpoints can also be used with the SovLabs Microsoft DNS and Active Directory modules
  • SovLabs IPAM configurations may also be used with SovLabs network load balancer modules

Prerequisites

  1. Install IPAM client on Microsoft IPAM (target or proxy) server:
    1. Server Manager > Manage > Add Roles and Features
    2. Accept defaults and click Next until the Features option
    3. Expand Remote Server Administration Tools > expand Feature Administration Tools
    4. Select IP Address Management (IPAM) Client
    5. Confirm and click Install
  2. Enable non-local administrators to run IPAM cmdlets
  3. Login to the vRA tenant
    1. Add license for Microsoft IPAM module
    2. Validate the following show up on the Catalog page:
      1. Add Microsoft Endpoint
      2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Microsoft Endpoint
    Microsoft Endpoint

    A Windows 2012 R2 member server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique endpoint name

    Connection method Select how the SovLabs modules will connect to the target or proxy Microsoft IPAM server
    Hostname or IP address

    If 'Is this a proxy host' is set to Yes, this is the proxy server for the target IPAM server

    IPAM server (FQDN) or IP address
    Use non-standard port? Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port
    Port

    *Only shown when 'Use non-standard port' is Yes

    Input the non-standard port for this endpoint
    Username Username (UPN format) that has permissions to add/remove records to/from IPAM server
    Password User's password
    Is this a proxy host?

    Proxy hosts are limited to the SSH connection method only

    Choose whether or not to utilize a proxy host to make remote commands to the target IPAM server

    Remote Server hostname or IP address:

    *Only shown when 'Is this a proxy host' is Yes

    The target IPAM server
    Advanced Configuration
    Temporary directory where scripts will be placed If not provided, will default to C:\Windows\temp
    Share path for temporary directory to access Define if administrative shares are not available

    Type in path\share instead of \\share-server\path\share

  3. On the Catalog page, click on the Request button for: Add IPAM Profile
    IPAM Profile

    An IPAM profile defines necessary IPAM information

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Description *Optional - Description of IPAM profile
    IPAM type Select Microsoft
    Provider host

    Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added a SolarWinds Database Endpoint

    Select the desired Microsoft Endpoint

    Subnets, Gateways and Network names Subnet: X.x.x.x/CIDR
    Gateway: X.x.x.x
    NetworkName: Utilize the SovLabs Template Engine
    1. Type in a subnet and its gateway and network name (all comma separated) into the input field

      (e.g. 10.0.0.0/24, 10.0.0.1, networkName)

    2. Click the green to add the entry into the array
    3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered
    Excluded IPs Enter all IPs to be excluded (e.g. 10.0.0.1)
    NIC number Enter in a NIC number (0-9) for this IPAM profile
    Primary DNS Input the Primary DNS
    Secondary DNS Input the Secondary DNS
    DNS suffix Input the DNS suffix
    DNS search suffix Input the DNS search suffix(es) (comma separated)
    Primary WINS Input the Primary WINS
    Secondary WINS Input the Secondary WINS
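
The IPAM Profile forms above (Infoblox and Microsoft) both take subnet entries as "subnet, gateway, networkName" plus a list of excluded IPs. The following is an added example, not part of the SovLabs plugin, that checks such entries before they are typed in: it flags gateways outside their subnet, overlapping subnets and excluded IPs that belong to no subnet. The function names and the sample values are constructed for illustration.

```python
import ipaddress


def parse_entry(entry):
    """Split one 'subnet, gateway, networkName' entry as typed into the profile."""
    # Design choice of this example: maxsplit=2 keeps any commas that appear
    # inside the network name instead of rejecting the entry.
    parts = [p.strip() for p in entry.split(",", 2)]
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"expected 'subnet, gateway, networkName', got {entry!r}")
    subnet = ipaddress.ip_network(parts[0], strict=True)  # rejects host bits set
    gateway = ipaddress.ip_address(parts[1])
    return subnet, gateway, parts[2]


def validate_profile(entries, excluded_ips=()):
    """Return a list of findings; an empty list means no problem was detected."""
    findings, seen = [], []
    for entry in entries:
        try:
            subnet, gateway, name = parse_entry(entry)
        except ValueError as exc:
            findings.append(f"invalid entry: {exc}")
            continue
        if gateway not in subnet:
            findings.append(f"{name}: gateway {gateway} is outside {subnet}")
        elif (subnet.version == 4 and subnet.prefixlen < 31
              and gateway in (subnet.network_address, subnet.broadcast_address)):
            findings.append(f"{name}: gateway {gateway} is not a usable host address")
        # Overlapping subnets in one profile can hand out the same IP twice.
        for other, other_name in seen:
            if subnet.overlaps(other):
                findings.append(f"{name}: {subnet} overlaps {other} ({other_name})")
        seen.append((subnet, name))
    for text in excluded_ips:
        try:
            ip = ipaddress.ip_address(text.strip())
        except ValueError:
            findings.append(f"excluded IP {text!r} is not a valid address")
            continue
        if not any(ip in subnet for subnet, _ in seen):
            findings.append(f"excluded IP {ip} is not in any profile subnet")
    return findings


# Constructed sample input: the first entry is the page's own example,
# the others each contain one deliberate mistake.
SAMPLE_ENTRIES = [
    "10.0.0.0/24, 10.0.0.1, networkName",
    "10.0.1.0/24, 10.0.2.1, dmz",
    "10.0.0.128/25, 10.0.0.129, overlap-net",
    "10.0.3.7/24, 10.0.3.1, typo-net",
]
SAMPLE_EXCLUDED = ["10.0.0.1", "192.168.1.5"]

if __name__ == "__main__":
    for finding in validate_profile(SAMPLE_ENTRIES, SAMPLE_EXCLUDED):
        print(finding)
```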

Usage

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Reservations > Network Profiles
  3. Hover over the network profile that best matches the network for this IPAM and click Edit
    1. On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
    2. Click OK
  4. Click on the Reservation menu item from Infrastructure tab > Reservations
  5. Hover over the reservation in association with the network profile from Step 3 and click Edit
    1. Click on the Network tab
    2. Uncheck all network paths
    3. Clear all the Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
    4. Click OK
  6. Click on the Design tab > Blueprints
  7. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#)

        Do not attach more than 1 IPAM property group to a blueprint

    4. Click OK
  8. Repeat Step 7 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the IPAM property group: (starts with SovLabs-IPAM- and ends with -nic#)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Puppet Enterprise

The SovLabs Puppet Enterprise Module increases IT agility and speed of delivery for systems and applications by combining SovLabs Module Framework with Puppet’s advanced configuration management and vRealize Automation’s provisioning and lifecycle management capabilities.

Quick start process

  1. Define Puppet Master(s)
  2. Define Puppet Agent configuration(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Supports node classification for Hiera, Manifest files and Puppet Enterprise Console
  • Creates node in the Puppet Enterprise Console and assigns node to class(es) and group(s)
  • Installs Puppet Agent, configures puppet.conf, creates Hiera data and local Facter facts, if desired
  • Supports Hiera-Eyaml for automatic encryption of sensitive data such as passwords and certificates
  • Supports certificate signing/cleaning or Puppet auto-sign scenarios
  • Eases portability between private and public cloud scenarios: agentless, OS native protocols
  • Supports code manager, r10k and custom deployment/code promotion scenarios and pre/post activities via inline command definitions
  • Ties in existing custom vRO workflow content via workflow hooks
  • Supports simple or distributed Puppet implementations
  • Supports creation of multiple Puppet Master and Puppet Agent configurations as needed
  • Delivers dozens to thousands of Puppet deployment scenarios with minimal overhead via dynamic template configurations and vRA property injection, avoiding Blueprint sprawl
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic

Prerequisites

  1. Create Puppet Certificate and Update Puppet Console configuration

    Create the certificate on the Puppet CA that will be used for communication with the Puppet Console API and the Puppet CA API. This is the certificate that will be configured in your Puppet Master module for certificate authentication from the CMP to the Puppet console. In order for the Puppet console API to accept the certificate, the configurations below need to be made.

    Perform the following for each Puppet CA utilized

    Puppet Enterprise v3.8.1

    In the following instructions, replace CERTNAME with the name you wish to identify the automation account with; we recommend vrosvc

    1. Login to the Puppet CA
    2. Type in su -
    3. Create a certificate key: puppet cert generate CERTNAME
    4. Modify the certificate_authority.pp:
      1. Type in
        vi /opt/puppet/share/puppet/modules/puppet_enterprise/manifests/profile/certificate_authority.pp
      2. Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
        class puppet_enterprise::profile::certificate_authority (
          Array[String] $client_whitelist = [ CERTNAME ]
        )
        
      3. Save the file: Hit the esc key and then type in :wq!
    5. Modify auth.conf:
      1. Type in
        vi /etc/puppetlabs/puppet/auth.conf
      2. Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
        path  /certificate_status
        method find, save, search
        auth yes
        allow CERTNAME
        
      3. Save the file: Hit the esc key and then type in :wq!
    6. Modify the rbac-certificate-whitelist:
      1. Type in
        vi /etc/puppetlabs/console-services/rbac-certificate-whitelist
      2. Add CERTNAME to the end of the file
      3. Save the file: Hit the esc key and then type in :wq!
    7. Restart necessary services by typing in: puppet agent -t
    Puppet Enterprise v4.x+

    In the following instructions, replace CERTNAME with the name you wish to identify the automation account with; we recommend vrosvc

    1. Login to the Puppet CA
    2. Type in su -
    3. Create a certificate key: puppet cert generate CERTNAME
    4. Modify the certificate_authority.pp:
      1. Type in
        vi /opt/puppetlabs/puppet/modules/puppet_enterprise/manifests/profile/certificate_authority.pp
      2. Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
        class puppet_enterprise::profile::certificate_authority (
          Array[String] $client_whitelist = [ CERTNAME ]
        )
        
      3. Save the file: Hit the esc key and then type in :wq!
    5. Modify auth.conf:
      1. Type in
        vi /etc/puppetlabs/puppetserver/conf.d/auth.conf
      2. Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
        {
           "allow" : [
              "pe-internal-dashboard",
              CERTNAME
            ],
            "match-request" : {
                "method" : [
                  "get",
                  "put",
                  "delete"
                ],
              "path" : "/puppet-ca/v1/certificate_status",
              "query-params" : {},
              "type" : "path"
              },
          "name" : "puppetlabs certificate status",
          "sort-order" : 500
        }
        
      3. Save the file: Hit the esc key and then type in :wq!
    6. Modify the rbac-certificate-whitelist:
      1. Type in
        vi /etc/puppetlabs/console-services/rbac-certificate-whitelist
      2. Add CERTNAME to the end of the file
      3. Save the file: Hit the esc key and then type in :wq!
    7. Restart necessary services by typing in: sudo service pe-console-services restart
  2. Setup or have a user for the Puppet Master, Puppet CA and Puppet database:
    • root with SSH keys
    • root with password
    • Service account with sudo permissions
  3. Collect the appropriate keys from the Puppet Master:

    Replace CERTNAME with the name identified in Step 1 (e.g. vrosvc)

    Type Location
    CA Certificate /etc/puppetlabs/puppet/ssl/ca/ca_crt
    Service Account Certificate /etc/puppetlabs/puppet/ssl/certs/CERTNAME
    Service Account Private Key /etc/puppetlabs/puppet/ssl/private_keys/CERTNAME
  4. If any Puppet Agents are Windows OS:
  5. Login to the vRA tenant
    1. Add license for Puppet Enterprise module
    2. Validate the following show up on the Catalog page:
      1. Add Puppet Master Configuration
      2. Add Puppet Agent Configuration
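
The auth.conf edits in Step 1 decide which certificate names may read and change certificate status on the Puppet CA, so it is worth confirming afterwards that the allow list holds only the intended names. The following is an added example, not SovLabs or Puppet code, that audits both rule formats shown above; it assumes CERTNAME was set to vrosvc and that the Puppet Enterprise v4.x rule is supplied as strict JSON with the certname quoted. All sample rules are constructed.

```python
import json

# Certnames expected on certificate_status rules in this example (assumption:
# CERTNAME is vrosvc, the name the page recommends).
EXPECTED = {"pe-internal-dashboard", "vrosvc"}


def check_allow(allow, expected):
    """Flag wildcard and unexpected entries in one allow list."""
    findings = []
    for name in allow:
        if not isinstance(name, str):
            findings.append(f"non-certname allow entry, review by hand: {name!r}")
        elif "*" in name:
            findings.append(f"wildcard in allow list: {name}")
        elif name not in expected:
            findings.append(f"unexpected certname: {name}")
    return findings


def parse_legacy(text):
    """Parse Puppet Enterprise v3.8-style auth.conf text into stanza dicts."""
    stanzas, current = [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split key/value
        if not parts:
            continue
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "path":
            current = {"path": value, "auth": "yes", "allow": []}
            stanzas.append(current)
        elif current is None:
            continue
        elif key == "allow":
            current["allow"] += [v.strip() for v in value.split(",") if v.strip()]
        elif key == "auth":
            current["auth"] = value
    return stanzas


def audit_legacy(text, expected=EXPECTED):
    """Audit every certificate_status stanza in a v3.8-style auth.conf."""
    findings = []
    for stanza in parse_legacy(text):
        path = stanza["path"]
        if "certificate_status" not in path:
            continue
        if stanza["auth"] not in ("yes", "on"):
            findings.append(f"{path}: auth is {stanza['auth']!r}, not 'yes'")
        findings += [f"{path}: {f}" for f in check_allow(stanza["allow"], expected)]
    return findings


def audit_rule(rule_json, expected=EXPECTED):
    """Audit one v4.x rule object given as strict JSON."""
    rule = json.loads(rule_json)
    path = rule["match-request"]["path"]
    if "certificate_status" not in path:
        return []
    allow = rule.get("allow", [])
    if isinstance(allow, str):
        allow = [allow]
    return [f"{path}: {f}" for f in check_allow(allow, expected)]


# Constructed samples: the stanza from the page with CERTNAME replaced,
# the same stanza opened to every certificate, and a v4.x rule with one
# extra certname that nobody intended to add.
LEGACY_OK = """
path  /certificate_status
method find, save, search
auth yes
allow vrosvc
"""
LEGACY_WIDE = LEGACY_OK.replace("allow vrosvc", "allow *")
RULE_EXTRA = """
{
  "allow": ["pe-internal-dashboard", "vrosvc", "build-agent01"],
  "match-request": {
    "method": ["get", "put", "delete"],
    "path": "/puppet-ca/v1/certificate_status",
    "query-params": {},
    "type": "path"
  },
  "name": "puppetlabs certificate status",
  "sort-order": 500
}
"""

if __name__ == "__main__":
    for finding in audit_legacy(LEGACY_WIDE) + audit_rule(RULE_EXTRA):
        print(finding)
```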

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Puppet Master Configuration
    Puppet Master Configuration

    A Puppet Master Configuration is a target Puppet Master

    General
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Puppet Master version Select the Puppet Master version
    Puppet Master connection configuration
    Puppet Master OS Family Currently, only allows for unix
    Puppet Master Hostname Hostname of Puppet Master in FQDN format
    Puppet pe-puppetserver port Port pe-puppetserver listens on, defaults to 8140
    Directory for temporary scripts Directory to put temporary scripts on the Puppet Master
    Connection method Currently, only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has root/sudo permissions to the Puppet Master
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Console configuration
    Console Hostname Puppet Console server in FQDN format
    Console Port Port the Puppet Console listens on, defaults to 4433
    Console OS Family Currently only allows for unix
    Directory for temporary scripts Directory to put temporary scripts on the Console
    Connection method Currently only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has admin permissions to the Puppet Console
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Compile Masters
    Use separate Compile Masters? Select Yes to define Compile Masters
    Compile Masters Hostnames

    *Only shown when 'Use separate Compile Masters' is Yes

    Input the Compile Master(s) in FQDN format
    Compile Masters OS Family

    *Only shown when 'Use separate Compile Masters' is Yes

    Currently only allows for unix
    Directory for temporary scripts

    *Only shown when 'Use separate Compile Masters' is Yes

    Directory to put temporary scripts on the Compile Masters
    Connection method

    *Only shown when 'Use separate Compile Masters' is Yes

    Currently only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has root or sudo permissions to the Compile Master(s)
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Database configuration
    Use separate database? Select Yes to define database
    Database hostname

    *Only shown when 'Use separate database' is Yes

    Database hostname in FQDN format
    Database OS Family

    *Only shown when 'Use separate database' is Yes

    Currently only allows for unix
    Directory for temporary scripts

    *Only shown when 'Use separate database' is Yes

    Directory to put temporary scripts on the database
    Connection method

    *Only shown when 'Use separate database' is Yes

    Currently only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has root or sudo permissions to the Puppet database
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Group configuration
    Parent Group Any existing group in the Puppet console under which all newly created node groups will be created

    Can be templated: SovLabs Template Engine

    Parent Group Environment The parent group environment

    Can be templated: SovLabs Template Engine

    Group name template Template for the group name

    Can be templated: SovLabs Template Engine

    Certificate PEM files
    API Certificate

    Puppet API Certificate PEM file

    Puppet Master: /etc/puppetlabs/puppet/ssl/certs/CERTNAME

    API RSA Private Key

    Puppet API RSA Private Key PEM file

    Puppet Master: /etc/puppetlabs/puppet/ssl/private_keys/CERTNAME

    API CA Certificate Puppet Master: /etc/puppetlabs/puppet/ssl/ca/ca_crt
    Certificate Authority
    Is auto-sign enabled in Puppet? Is autosign enabled in Puppet? If 'Yes', skips signing the certificate
    Certificate Authority Hostname Puppet Certificate Authority Hostname (FQDN)
    Certificate Authority Port Port the Puppet Certificate Authority listens on, defaults to 8140
    API CA Certificate Puppet API Certificate Authority Certificate
    Hiera node data configuration
    Create hiera node data? Select 'Yes' to create hiera node data
    Hiera node data format

    *Only shown when Create hiera node data is 'Yes'

    Hiera node data format
    Hiera node data filename

    *Only shown when Create hiera node data is 'Yes'

    Filename for hiera node data

    Can be templated: SovLabs Template Engine

    Hiera node data template

    *Only shown when Create hiera node data is 'Yes'

    Hiera data template

    Can be templated: SovLabs Template Engine

    Hiera eyaml Public Key

    *Only shown when Hiera node data format is eyaml

    Hiera eyaml public key
    Additional configuration

    *Only shown when Create hiera node data is 'Yes'

    Hiera on Puppet Master server? Select 'No' if the hiera server is on a different server from the Puppet Master
    Hiera Hostname

    *Only shown when Hiera on Puppet Master server is 'No'

    Hiera Hostname (FQDN)
    Hiera OS Family

    *Only shown when Hiera on Puppet Master server is 'No'

    Hiera OS type
    Directory for temporary scripts

    *Only shown when Hiera on Puppet Master server is 'No'

    Directory to put temporary scripts on the Hiera server
    Hiera connection method

    *Only shown when Hiera on Puppet Master server is 'No'

    Select the connection method
    Hiera Username

    *Only shown when Hiera on Puppet Master server is 'No'

    Username (UPN format) that has permissions to the Hiera server
    Hiera SSH Key used?

    *Only shown when Hiera Connection Method is SSH or WinSSHD

    Select 'Yes' to use an SSH key
    Hiera Password

    *Only shown when Hiera Connection Method is winrm or Hiera SSH Key used is 'No'

    Username's password
    Hiera SSH Key

    *Only shown when SSH key used is 'Yes'

    SSH Key
    Hiera SSH Key password protected?

    *Only shown when SSH key used is 'Yes'

    Select 'Yes' if the SSH key is password protected
    Hiera SSH Key Password

    *Only shown when SSH key used is 'Yes' and SSH key password protected is 'Yes'

    SSH Key password

    *Entire section is only shown when Create hiera node data is 'Yes'

    Hiera pre-create script
    Hiera pre-create script Script to execute prior to creating the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera pre-create script arguments Script arguments, if any
    Hiera pre-create script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera pre-create script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute prior to creating the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera pre-create script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera pre-create script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera post-create script
    Hiera post-create script Script to execute after creating the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera post-create script arguments Script arguments, if any
    Hiera post-create script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera post-create script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute after creating the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera post-create script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera post-create script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera pre-delete script
    Hiera pre-delete script Script to execute prior to deleting the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera pre-delete script arguments Script arguments, if any
    Hiera pre-delete script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera pre-delete script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute prior to deleting the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera pre-delete script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera pre-delete script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera post-delete script
    Hiera post-delete script Script to execute after deleting the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera post-delete script arguments Script arguments, if any
    Hiera post-delete script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera post-delete script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute after deleting the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera post-delete script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera post-delete script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Purge node script Script to purge the node

    Can be templated: SovLabs Template Engine

    Purge node script arguments Script arguments, if any
    Purge node script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters

    *Only shown when Use separate Compile Masters is 'Yes'

    Compile Masters Purge node script Script to purge the node

    Can be templated: SovLabs Template Engine

    Compile Masters Purge node script arguments Script arguments, if any
    Compile Masters Purge node script interpreter Script interpreter, e.g. /bin/bash
    Console
    Purge node console script Script to purge the node

    Can be templated: SovLabs Template Engine

    Purge node console script arguments Script arguments, if any
    Purge node console script interpreter Script interpreter, e.g. /bin/bash
    Database

    *Only shown when Use separate database is 'Yes'

    Purge node database script Script to purge the node

    Can be templated: SovLabs Template Engine

    Purge node database script arguments Script arguments, if any
    Purge node database script interpreter Script interpreter, e.g. /bin/bash
  3. On the Catalog page, click on the Request button for: Add Puppet Agent Configuration
    Add Puppet Agent Configuration
    Puppet Agent Configuration

    A Puppet Agent configuration defines the Puppet Agent settings

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Puppet version Select the Puppet Agent version
    Puppet environment Provisioned node environment

    Can be templated: SovLabs Template Engine

    OS Family for provisioned nodes unix or windows
    Directory for temporary scripts Directory to put temporary scripts on the provisioned node
    puppet.conf configuration
    puppet.conf file content Contents of puppet.conf file - if left blank, the puppet.conf will not be updated on the provisioned node

    Can be templated: SovLabs Template Engine

    puppet.conf filename

    Can be templated: SovLabs Template Engine

    Connection configuration
    Connection method
    • SSH for unix
    • cygwinssh, winrm or WinSSHD for Windows
    Username Username (UPN format) that has permissions to login to the provisioned node
    SSH Key used?

    Only shown when connection method is SSH or WinSSHD

    Select 'Yes' to use an SSH key
    Password

    Only shown when SSH key used is No

    Username's password
    SSH Key

    Only shown when SSH key used is Yes

    SSH Key
    SSH Key password protected?

    Only shown when SSH key used is Yes

    Select Yes if the SSH key is password protected
    SSH Key Password

    Only shown when SSH key used is Yes and SSH key password protected is Yes

    SSH Key password
    Facter files
    Facter facts template Template of the facter facts

    Warning: Facter facts file contents do not support encryption

    Can be templated: SovLabs Template Engine

    Facter facts format Format for the Facter facts file
    Facter facts filename

    Can be templated: SovLabs Template Engine

    Classes
    Classes Add existing classes in Puppet Console for provisioned node to join

    Can be templated: SovLabs Template Engine

    { "sudo":{} }

    No parameters


    { "sudo": {"param1": "val1", "param2": "val2"} }

    With 2 parameters

    { "sudo" : {}, "apache": {} }

    No parameters


    { "sudo": {"param1": "val1", "param2": "val2"}, "apache": {"param1": "val1", "param2": "val2"} }

    With 2 parameters

    Custom group name When classes are defined, creates a custom group with this specified name

    Can be templated: SovLabs Template Engine

    Groups
    Groups Add existing groups in Puppet Console for provisioned node to join

    Can be templated: SovLabs Template Engine

    Installer file(s)
    Source Installer file Define source installer file (for Windows Puppet Agent)
    Destination Installer file Define destination installer file (for Windows Puppet Agent)
    Install Puppet on a node script
    Install script Script to install Puppet on a node - if left blank, expects Puppet to already be installed

    Can be templated: SovLabs Template Engine

    Install script arguments Script arguments, if any

    Can be templated: SovLabs Template Engine

    Install script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

    Max retry attempt to Run Puppet Maximum number of attempts to retry Run Puppet
    Ignore final Run Puppet errors? If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue - useful in initial development of new Puppet content
    Run Puppet Script
    Run Puppet script Script to execute after creating the hiera node data

    Can be templated: SovLabs Template Engine

    Run Puppet script arguments Script arguments, if any

    Can be templated: SovLabs Template Engine

    Run Puppet script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

    Run Puppet script validation
    Run Puppet script success exit codes Success exit codes.

    List multiple exit codes comma separated

    Run Puppet script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Run Puppet script validation prior to certificate being signed
    Pre-certificate success exit codes Success exit codes.

    List multiple exit codes comma separated

    Pre-certificate success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Final Run Puppet script validation
    Final Puppet Run script success exit codes Success exit codes.

    List multiple exit codes comma separated

    Final Puppet Run script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Post script Script to execute after the final Puppet Run

    Can be templated: SovLabs Template Engine

    Post script arguments Script arguments, if any
    Post script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

    Post script validation
    Post script success exit codes Success exit codes.

    List multiple exit codes comma separated

    Post script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Pre-Puppet Remove script Script to run prior to removing Puppet from node

    Can be templated: SovLabs Template Engine

    Pre-Puppet Remove script arguments Script arguments, if any
    Pre-Puppet Remove script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the Puppet Enterprise property groups:
        • Puppet Master: starts with SovLabs-PuppetMaster-
        • Puppet Agent: starts with SovLabs-PuppetAgent

        Do not attach more than 1 set of Puppet Master/Puppet Agent property groups to a blueprint

    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Puppet Enterprise property groups:
        • Puppet Master: starts with SovLabs-PuppetMaster-
        • Puppet Agent: starts with SovLabs-PuppetAgent
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Puppet Open Source with Foreman

The SovLabs Puppet Open Source with Foreman Module increases IT agility and speed of delivery for systems and applications by combining SovLabs Module Framework with Puppet’s advanced configuration management together with the option to utilize Foreman for the Dashboard and Node Classifier.

Quick start process

  1. Define Puppet Open Source with Foreman Master(s)
  2. Define Puppet Open Source with Foreman Agent configuration(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Supports node classification for Hiera, Manifest files and Foreman
  • Optionally creates node in Foreman and assigns node to an existing group
  • Supports multiple versions of Puppet Open Source and Foreman
  • Installs Puppet Agent, configures puppet.conf, creates Hiera data and local Facter facts, if desired
  • Supports certificate signing/cleaning or Puppet auto-sign scenarios
  • Eases portability between private and public cloud scenarios: agentless, OS native protocols
  • Supports custom deployment/code promotion scenarios and pre/post activities via inline command definitions
  • Ties in existing custom vRO workflow content via workflow hooks
  • Supports simple or distributed Puppet implementations
  • Supports creation of multiple Foreman, Puppet Master and Puppet Agent configurations as needed
  • Delivers dozens to thousands of Puppet deployment scenarios with minimal overhead via dynamic template configurations and vRA property injection, avoiding Blueprint sprawl
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic

Prerequisites

  1. Create Puppet Certificate and Update Puppet Console configuration

    Create the certificate on the Puppet CA that will be used for communication with the Foreman API and the Puppet CA API.

    Perform the following for each Puppet CA utilized

    Puppet Open Source v3.8.x

    In the following instructions, replace CERTNAME with the name you wish to identify the automation account with; we recommend vrosvc

    1. Login to the Puppet CA
    2. Type in su -
    3. Create a certificate key: puppet cert generate CERTNAME
    4. Modify auth.conf:
      1. Type in
        vi /etc/puppet/auth.conf
      2. Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
        path  /certificate_status
        method find, save, search
        auth yes
        allow CERTNAME
        
      3. Save the file: Hit the esc key and then type in :wq!
    5. Restart necessary services by typing in: service puppet restart
  2. Setup or have a user for the Puppet Master, Puppet CA and Puppet database:
    • root with SSH keys
    • root with password
    • Service account with sudo permissions
  3. Collect the appropriate keys from the Puppet Master:

    Replace CERTNAME with the name identified in Step 1 (e.g. vrosvc)

    TypeLocation
    CA Certificate/var/lib/puppet/ssl/ca/ca_crt.pem
    Service Account Certificate/var/lib/puppet/ssl/certs/CERTNAME.pem
    Service Account Private Key/var/lib/puppet/ssl/private_keys/CERTNAME.pem
  4. If any Puppet Agents are Windows OS:
  5. Login to the vRA tenant
    1. Add license for Puppet Open Source with Foreman module
    2. Validate the following show up on the Catalog page:
      1. Add Foreman Master Configuration
      2. Add Foreman Agent Configuration
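
The auth.conf stanza in step 1 gives one certificate the right to query and sign certificates through the CA API, and the instruction to paste it at the top of the file matters because Puppet evaluates auth.conf rules in file order and uses the first match. The following added example (not part of the SovLabs documentation) audits a Puppet 3.8 auth.conf for that stanza; the function names, the sample file and the path-only matching (method and environment are ignored when looking for the first match) are assumptions made for illustration.

```python
import re

# Constructed sample of a Puppet 3.8 /etc/puppet/auth.conf (not from a real system).
SAMPLE_AUTH_CONF = """\
path  /certificate_status
method find, save, search
auth yes
allow vrosvc

path ~ ^/catalog/([^/]+)$
method find
allow $1

path /
auth any
"""

ALLOWED_METHODS = {"find", "save", "search"}  # the methods listed in the stanza above


def parse_stanzas(text):
    """Return auth.conf stanzas in file order; a stanza starts at each 'path' line."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "path":
            stanzas.append({"path": value, "method": [], "auth": None, "allow": []})
        elif stanzas and key in ("method", "allow"):
            stanzas[-1][key] += [v.strip() for v in value.split(",") if v.strip()]
        elif stanzas and key == "auth":
            stanzas[-1]["auth"] = value
    return stanzas


def stanza_matches(path, url):
    """'path ~ <regex>' is a regular expression; any other path is a prefix match."""
    if path.startswith("~"):
        return re.search(path[1:].strip(), url) is not None
    return url.startswith(path)


def audit_certificate_status(text, certname):
    """Return a list of findings; an empty list means the stanza is as documented."""
    # Request path as auth.conf sees it (simplification: environment prefix removed).
    probe = "/certificate_status/some-node"
    first = next((s for s in parse_stanzas(text) if stanza_matches(s["path"], probe)), None)
    if first is None:
        return ["no stanza matches /certificate_status"]

    findings = []
    if first["path"] != "/certificate_status":
        findings.append("shadowed by an earlier stanza: path %s" % first["path"])
    if first["auth"] not in ("yes", "on"):
        findings.append("auth is not explicitly 'yes'")
    if certname not in first["allow"]:
        findings.append("%s is not in the allow list" % certname)
    others = [a for a in first["allow"] if a != certname]
    if others:
        findings.append("allow also lists: %s" % ", ".join(others))
    extra = set(first["method"]) - ALLOWED_METHODS
    if extra:
        findings.append("unexpected methods: %s" % ", ".join(sorted(extra)))
    return findings


if __name__ == "__main__":
    for finding in audit_certificate_status(SAMPLE_AUTH_CONF, "vrosvc") or ["OK"]:
        print(finding)
```

A wildcard in the allow line or a catch-all stanza placed above /certificate_status both show up as findings, since either one changes who can sign certificates on the CA.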

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Foreman Master Configuration
    Add Foreman Master Configuration
    Foreman Master Configuration

    A Foreman Master Configuration is a target Foreman Master

    General
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Puppet Open Source with Foreman version Select the Puppet Open Source with Foreman version
    Foreman configuration
    Foreman Hostname Foreman hostname in FQDN format
    Foreman Port Port for Foreman, defaults to 443
    Username Foreman username with admin permissions
    Password User's password
    Puppet Master connection configuration
    Puppet Master OS Family Currently, only allows for unix
    Puppet Master Hostname Hostname of Puppet Master in FQDN format
    Puppet pe-puppetserver port Port pe-puppetserver listens on, defaults to 8140
    Directory for temporary scripts Directory to put temporary scripts on the Puppet Master
    Connection method Currently, only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has root/sudo permissions to the Puppet Master
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Compile Masters Hostnames

    *Only shown when 'Use separate Compile Masters' is Yes

    Input the Compile Master(s) in FQDN format
    Compile Masters OS Family

    *Only shown when 'Use separate Compile Masters' is Yes

    Currently only allows for unix
    Directory for temporary scripts

    *Only shown when 'Use separate Compile Masters' is Yes

    Directory to put temporary scripts on the Compile Masters
    Connection method

    *Only shown when 'Use separate Compile Masters' is Yes

    Currently only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has root or sudo permissions to the Compile Master(s)
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Database configuration
    Use separate database? Select Yes to define database
    Database hostname

    *Only shown when 'Use separate database' is Yes

    Database hostname in FQDN format
    Database OS Family

    *Only shown when 'Use separate database' is Yes

    Currently only allows for unix
    Directory for temporary scripts

    *Only shown when 'Use separate database' is Yes

    Directory to put temporary scripts on the database
    Connection method

    *Only shown when 'Use separate database' is Yes

    Currently only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has root or sudo permissions to the Puppet database
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Certificate PEM files
    API Certificate Puppet API Certificate PEM file

    Puppet Master: /var/lib/puppet/ssl/certs/CERTNAME.pem

    API RSA Private Key Puppet API RSA Private Key PEM file

    Puppet Master: /var/lib/puppet/ssl/private_keys/CERTNAME.pem

    API CA Certificate Puppet API CA file

    Puppet Master: /var/lib/puppet/ssl/ca/ca_crt.pem

    Certificate Authority
    Is auto-sign enabled in Puppet? Is autosign enabled in Puppet? If 'Yes', skips signing the certificate
    Certificate Authority Hostname Puppet Certificate Authority Hostname (FQDN)
    Certificate Authority Port Port the Puppet Certificate Authority listens on, defaults to 8140
    API CA Certificate Puppet API Certificate Authority Certificate
    Hiera node data configuration
    Create hiera node data? Select 'Yes' to create hiera node data
    Hiera node data format

    *Only shown when Create hiera node data is 'Yes'

    Hiera node data format
    Hiera node data filename

    *Only shown when Create hiera node data is 'Yes'

    Filename for hiera node data

    Can be templated: SovLabs Template Engine

    Hiera node data template

    *Only shown when Create hiera node data is 'Yes'

    Hiera data template

    Can be templated: SovLabs Template Engine

    Hiera eyaml Public Key

    *Only shown when Hiera node data format is eyaml

    Hiera eyaml public key
    Additional configuration

    *Only shown when Create hiera node data is 'Yes'

    Hiera on Puppet Master server? Select 'No' if the hiera server is on a different server from the Puppet Master
    Hiera Hostname

    *Only shown when Hiera on Puppet Master server is 'No'

    Hiera Hostname (FQDN)
    Hiera OS Family

    *Only shown when Hiera on Puppet Master server is 'No'

    Hiera OS type
    Directory for temporary scripts

    *Only shown when Hiera on Puppet Master server is 'No'

    Directory to put temporary scripts on the Hiera server
    Hiera connection method

    *Only shown when Hiera on Puppet Master server is 'No'

    Select the connection method
    Hiera Username

    *Only shown when Hiera on Puppet Master server is 'No'

    Username (UPN format) that has permissions to the Hiera server
    Hiera SSH Key used?

    *Only shown when Hiera Connection Method is SSH or WinSSHD

    Select 'Yes' to use an SSH key
    Hiera Password

    *Only shown when Hiera Connection Method is winrm or Hiera SSH Key used is 'No'

    Username's password
    Hiera SSH Key

    *Only shown when SSH key used is 'Yes'

    SSH Key
    Hiera SSH Key password protected?

    *Only shown when SSH key used is 'Yes'

    Select 'Yes' if the SSH key is password protected
    Hiera SSH Key Password

    *Only shown when SSH key used is 'Yes' and SSH key password protected is 'Yes'

    SSH Key password

    *Entire section is only shown when Create hiera node data is 'Yes'

    Hiera pre-create script
    Hiera pre-create script Script to execute prior to creating the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera pre-create script arguments Script arguments, if any
    Hiera pre-create script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera pre-create script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute prior to creating the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera pre-create script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera pre-create script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera post-create script
    Hiera post-create script Script to execute after creating the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera post-create script arguments Script arguments, if any
    Hiera post-create script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera post-create script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute after creating the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera post-create script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera post-create script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera pre-delete script
    Hiera pre-delete script Script to execute prior to deleting the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera pre-delete script arguments Script arguments, if any
    Hiera pre-delete script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera pre-delete script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute prior to deleting the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera pre-delete script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera pre-delete script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera post-delete script
    Hiera post-delete script Script to execute after deleting the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera post-delete script arguments Script arguments, if any
    Hiera post-delete script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera post-delete script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute after deleting the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera post-delete script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera post-delete script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Purge node script Script to purge the node

    Can be templated: SovLabs Template Engine

    Purge node script arguments Script arguments, if any
    Purge node script interpreter Script interpreter, e.g. /bin/bash
  3. On the Catalog page, click on the Request button for: Add Foreman Agent Configuration
    Add Foreman Agent Configuration
    Foreman Agent Configuration

    A Foreman Agent configuration defines the Puppet Open Source with Foreman Agent settings

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Puppet Open Source with Foreman version Select the Puppet Open Source / Foreman version
    Puppet environment Provisioned node environment

    Can be templated: SovLabs Template Engine

    OS Family for provisioned nodes unix or windows
    Directory for temporary scripts Directory to put temporary scripts on the provisioned node
    puppet.conf configuration
    puppet.conf file content Contents of puppet.conf file - if left blank, the puppet.conf will not be updated on the provisioned node

    Can be templated: SovLabs Template Engine

    puppet.conf filename

    Can be templated: SovLabs Template Engine

    Connection configuration
    Connection method
    • SSH for unix
    • cygwinssh, winrm or WinSSHD for Windows
    Username Username (UPN format) that has permissions to login to the provisioned node
    SSH Key used?

    Only shown when connection method is SSH or WinSSHD

    Select 'Yes' to use an SSH key
    Password

    Only shown when SSH key used is No

    Username's password
    SSH Key

    Only shown when SSH key used is Yes

    SSH Key
    SSH Key password protected?

    Only shown when SSH key used is Yes

    Select Yes if the SSH key is password protected
    SSH Key Password

    Only shown when SSH key used is Yes and SSH key password protected is Yes

    SSH Key password
    Facter files
    Facter facts template Template of the facter facts

    Warning: Facter facts file contents do not support encryption

    Can be templated: SovLabs Template Engine

    Facter facts format Format for the Facter facts file
    Facter facts filename

    Can be templated: SovLabs Template Engine

    Classes
    Classes Add existing classes in Puppet Console for provisioned node to join

    Can be templated: SovLabs Template Engine

    Host Group
    Host Group Add existing host group in Foreman for provisioned node to join

    Can be templated: SovLabs Template Engine

    Installer file(s)
    Source Installer file Define source installer file (for Windows Puppet Agent)
    Destination Installer file Define destination installer file (for Windows Puppet Agent)
    Install Puppet on a node script
    Install script Script to install Puppet on a node - if left blank, expects Puppet to already be installed

    Can be templated: SovLabs Template Engine

    Install script arguments Script arguments, if any

    Can be templated: SovLabs Template Engine

    Install script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

    Max retry attempt to Run Puppet Maximum number of attempts to retry Run Puppet
    Ignore final Run Puppet errors? If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue - useful in initial development of new Puppet content
    Run Puppet Script
    Run Puppet script Script to execute after creating the hiera node data

    Can be templated: SovLabs Template Engine

    Run Puppet script arguments Script arguments, if any

    Can be templated: SovLabs Template Engine

    Run Puppet script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

    Run Puppet script validation
    Run Puppet script success exit codes Success exit codes.

    List multiple exit codes comma separated

    Run Puppet script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Run Puppet script validation prior to certificate being signed
    Pre-certificate success exit codes Success exit codes.

    List multiple exit codes comma separated

    Pre-certificate success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Final Run Puppet script validation
    Final Puppet Run script success exit codes Success exit codes.

    List multiple exit codes comma separated

    Final Puppet Run script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Post script Script to execute after the final Puppet Run

    Can be templated: SovLabs Template Engine

    Post script arguments Script arguments, if any
    Post script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

    Post script validation
    Post script success exit codes Success exit codes.

    List multiple exit codes comma separated

    Post script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Pre-Puppet Remove script Script to run prior to removing Puppet from node

    Can be templated: SovLabs Template Engine

    Pre-Puppet Remove script arguments Script arguments, if any
    Pre-Puppet Remove script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters
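
The success exit codes and success exit RegExp fields described for the Puppet Agent and Foreman Agent configurations, modeled as an added example (not SovLabs code) to show how the two settings interact. It assumes the Run Puppet script ends with puppet agent --test, that a blank exit-code field means 0, and that any one matching expression counts as success; run_succeeded and the sample outputs are constructed for illustration.

```python
import re

# Constructed (exit code, output) pairs for three puppet agent --test runs.
# --test turns on detailed exit codes: 0 no changes, 2 changes applied,
# 1 run failed, 4 resource failures, 6 changes applied and resource failures.
PRE_CERT = (1, "Exiting; no certificate found and waitforcert is disabled")
CHANGED = (2, "Notice: Finished catalog run in 12.40 seconds")
FAILED = (6, "Error: /Stage[main]/Sudo/Package[sudo]/ensure: change from absent "
             "to present failed\nNotice: Finished catalog run in 9.87 seconds")


def parse_exit_codes(field):
    """'0, 2' -> {0, 2}. The form takes multiple codes comma separated."""
    return {int(tok) for tok in field.split(",") if tok.strip()}


def run_succeeded(exit_code, output, success_codes="", success_regexps=()):
    """Model of the validation fields: a RegExp, when set, overrides exit codes."""
    patterns = [p for p in success_regexps if p]
    if patterns:
        # Assumption: one matching expression is enough to call the run a success.
        return any(re.search(p, output, re.MULTILINE) for p in patterns)
    # Assumption: a blank exit-code field is treated as "0".
    codes = parse_exit_codes(success_codes) or {0}
    return exit_code in codes


def compare_settings():
    """Evaluate the three sample runs under different field values."""
    return {
        # Before the certificate is signed the agent exits 1, so that run
        # needs its own setting: either code 1 or a RegExp on the message.
        "pre-cert, codes 0,2": run_succeeded(*PRE_CERT, success_codes="0,2"),
        "pre-cert, codes 0,1,2": run_succeeded(*PRE_CERT, success_codes="0,1,2"),
        "pre-cert, regexp": run_succeeded(
            *PRE_CERT, success_regexps=[r"no certificate found"]),
        # Final run judged on exit codes: changes pass, resource failures do not.
        "changed, codes 0,2": run_succeeded(*CHANGED, success_codes="0,2"),
        "failed, codes 0,2": run_succeeded(*FAILED, success_codes="0,2"),
        # The same failed run judged on a loose RegExp: the codes are ignored.
        "failed, codes 0,2 + regexp": run_succeeded(
            *FAILED, success_codes="0,2",
            success_regexps=[r"Finished catalog run"]),
    }


if __name__ == "__main__":
    for setting, ok in compare_settings().items():
        print("%-28s %s" % (setting, "success" if ok else "failure"))
```

With the RegExp set to Finished catalog run, the failed run (exit code 6) is reported as success, so leaving the RegExp blank and listing 0,2 is the stricter setting for the final run.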

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the Puppet Open Source with Foreman property groups:
        • Puppet Master: starts with SovLabs-ForemanMaster-
        • Puppet Agent: starts with SovLabs-ForemanAgent-

        Do not attach more than 1 set of Foreman Master / Foreman Agent property groups to a blueprint

    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Puppet Open Source with Foreman property groups:
        • Puppet Master: starts with SovLabs-ForemanMaster-
        • Puppet Agent: starts with SovLabs-ForemanAgent-
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Red Hat Satellite

The SovLabs Red Hat Satellite Module increases IT agility and speed of delivery by driving Red Hat Satellite’s software and subscription management features from a cloud consumption model. Organizations depend on Red Hat Satellite’s errata management capabilities to stay compliant with security and bugfix management.

With the SovLabs Red Hat Satellite Module organizations can now easily drive multiple Satellite subscription configurations and ensure proper registration and content deployment from Red Hat systems provisioned from vRealize Automation.

Quick start process

  1. Define Red Hat Satellite configuration(s)
  2. Apply to existing blueprint
  3. Provision!

Features

  • Supports automatic downloading and installing Satellite CA onto a node (server with Red Hat OS)
  • Registers a node with Satellite activation key(s) during provisioning
  • Installs Katello agent on a node during provisioning
  • Option to force update a node from Satellite during provisioning
  • Unregisters a node during de-provisioning
  • Utilizes SovLabs Credential Store for credential reuse between multiple configuration definitions
  • Delivers dozens to thousands of Red Hat Satellite deployment scenarios with minimal overhead via dynamic template configurations and vRA property injection, avoiding Blueprint sprawl
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic

Prerequisites

  1. Red Hat Satellite server is properly configured
  2. Red Hat Satellite server is configured to utilize activation key(s) for registering nodes
  3. Red Hat Satellite service user account must have rights to add/update/delete content hosts
  4. Login to the vRA tenant
    1. Add license for Red Hat Satellite module
    2. Validate the following show up on the Catalog page:
      1. Add Satellite Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Satellite Configuration
    Add Satellite Configuration
    Satellite Configuration

    A Satellite configuration is a target Red Hat Satellite server

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique endpoint name

    Satellite Hostname FQDN or IP address of Red Hat Satellite server
    Satellite Username Service account username that has permissions to the Red Hat Satellite server to add/update/delete content hosts
    Satellite Password User's password
    Satellite Organization

    Auto-populates based on valid Satellite Hostname, Satellite username and password

    Select the desired organization to register VMs to

    Activation Key(s) names or template

    List all Red Hat Satellite activation keys by name

    Can be templated: SovLabs Template Engine

    Satellite API 6 upgrade_all? Perform Satellite API 6 upgrade_all?
    Satellite Authorization
    Create Authorization?

    Select No to choose from existing authorizations

    Select Yes to create a new authorization

    Authorization

    *Only shown when 'Create Authorization' is No

    Select the appropriate authorization from an existing list of authorizations

    Authorization configuration label

    *Only shown when 'Create Authorization' is Yes

    Unique name for authorization.

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _
    Use SSH Key?

    *Only shown when 'Create Authorization' is Yes

    Select whether or not this authorization utilizes an SSH key

    Username

    *Only shown when 'Create Authorization' is Yes

    Username

    Password

    *Only shown when 'Create Authorization' is Yes and 'Use SSH Key' is No

    Username's password

    SSH Key

    *Only shown when 'Create Authorization' is Yes and 'Use SSH Key' is Yes

    SSH Key

    SSH Key Password

    *Only shown when 'Create Authorization' is Yes and 'Use SSH Key' is Yes

    SSH Key's password, if any

Usage

  1. Log in to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate Red Hat Satellite property group (starts with SovLabs-Satellite-)

        Do not attach more than 1 Red Hat Satellite property group to a blueprint

    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Disable

  1. Log in to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Red Hat Satellite property group (starts with SovLabs-Satellite-)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

SovLabs Modules Appendix

Updating a SovLabs vRA module item

On each vRA tenant for each SovLabs module vRA item to update, perform the following steps

  1. Log in to the desired vRA tenant
  2. Click on the Items tab
  3. Select the desired SovLabs module name via the left-hand menu
  4. Click on the desired SovLabs module vRA item

    Don't see the item? Find the Owned by: dropdown (next to the search bar) and select All groups I Manage

  5. Click on Actions > Update
  6. Fill out the update form fields properly
  7. Click Submit

Managing Authentications for SovLabs modules

SovLabs Authorization allows authorization/authentication credentials to be stored and reused for SovLabs modules

SovLabs Authorization

SovLabs Authorization allows better management of credentials across blueprints and configuration items. Once an Authorization is configured, it will be encrypted

Modules that use the Authorization configuration will provide a dropdown list of relevant Authorization configurations to choose from

An authorization is tenant specific

Prerequisites

  • If utilizing SSH keys, have the full SSH private key readily available along with the SSH Key passphrase, if a passphrase is required
  • If using a simple login username and password, have the credentials readily available

Add an Authorization

  1. Log in to the desired vRA tenant
  2. Click on the Catalog tab
  3. Select the Manage Authorization Configuration catalog item
  4. Fill out the request form fields properly:
    Field | Value
    Create Authorization? | Select Yes
    Configuration label | Unique label name (*Only AlphaNumeric characters, no spaces or special characters except: - and _)
    Type | Type of authorization use
    Subtype | Subtype for granular filtering. For types other than Provisioned Node, leave blank
    Connection method | Select either basic or SSH
    SSH Key used? | Select Yes to use an SSH key (*Only shown when 'Connection method' is SSH)
    Username | Username that has necessary permissions
    Password | User's password (*Only shown when 'SSH key used' is No)
    SSH Key | SSH Key (*Only shown when 'SSH key used' is Yes)
    SSH Key Password | SSH Key password, if any (*Only shown when 'SSH key used' is Yes)
  5. Click Submit

A SovLabs Authorization does not create an Item in vRA

Update an Authorization

  1. Log in to the desired vRA tenant
  2. Click on the Catalog tab
  3. Select the Manage Authorization Configuration catalog item
  4. Fill out the request form fields properly:
    Field | Value
    Create Authorization? | Select No
    Delete Authorization | Select No
    Authorization? | Select the desired authorization to update
    Configuration label | Unique label name (*Only AlphaNumeric characters, no spaces or special characters except: - and _)
    Type | Type of authorization use
    Subtype | Subtype for granular filtering. For types other than Provisioned Node, leave blank
    Connection method | Select either basic or SSH
    SSH Key used? | Select Yes to use an SSH key (*Only shown when 'Connection method' is SSH)
    Username | Username that has necessary permissions
    Password | User's password (*Only shown when 'SSH key used' is No)
    SSH Key | SSH Key (*Only shown when 'SSH key used' is Yes)
    SSH Key Password | SSH Key password, if any (*Only shown when 'SSH key used' is Yes)
  5. Click Submit

A SovLabs Authorization does not create an Item in vRA

Delete an Authorization

  1. Log in to the desired vRA tenant
  2. Click on the Catalog tab
  3. Select the Manage Authorization Configuration catalog item
  4. Fill out the request form fields properly:
    Field | Value
    Create Authorization? | Select No
    Delete Authorization | Select Yes
    Authorization | Select the desired authorization to delete
  5. Click Submit

Deleting a SovLabs vRA module item

On each vRA tenant for each SovLabs module vRA item to delete, perform the following steps

  1. Log in to the desired vRA tenant
  2. Click on the Items tab
  3. Select the desired SovLabs module name via the left-hand menu
  4. Click on the desired SovLabs module vRA item

    Don't see the item? Find the Owned by: dropdown (next to the search bar) and select All groups I Manage

  5. Click on Actions > Delete
  6. Accept the defaults
  7. Click Submit