Getting Started

SovLabs Extensibility Modules 2017.2.x for vRA 7.x

Overview

SovLabs Automation and Extensibility Modules allow your IT department to build a fully-functioning Cloud Management Platform (CMP) without writing a single workflow.

Integrate with your existing tools for DNS and IPAM, among others. Our modules manage things like adding and removing DNS records, Active Directory, IPAM reservations, and much more. Manage server lifecycles from provisioning to disposal and provide value to your business in days instead of months.

Benefits

Quick start

Don't spend weeks learning how to build vRO workflows and vRA content. You can be up and running next week. Let us be your content experts.

Simple installation

Our software is delivered as a plugin which is imported into vRealize Orchestrator. A configuration workflow creates the core vRA resources.

Protect your investment

We test against new versions of vRA/vRO as they are released and we release a new SovLabs vRA Module Plugin to you. Take the worry out of maintaining your CMP investment and upgrade vRA/vRO without fear of breaking your IT Processes.

The SovLabs plugin provides a flexible template language that allows for utilization and transformation of vRA Custom Properties, which can drastically reduce complexity in large environments.

Assumptions

Consumer has the following VMware products and has basic knowledge on how to access and use:

Terminology

Term | Definition
--- | ---
vRA | Short for VMware’s vRealize Automation. Formerly known as vCenter Automation Center (vCAC)
vRO | Short for VMware’s vRealize Orchestrator. Formerly known as vCenter Orchestrator (vCO)

vRA Lifecycles

SovLabs Automation and Extensibility Modules utilize the following vRA lifecycles:

vRA Lifecycle | Details
--- | ---
Machine Requested | vRA is requesting a reservation and network IP
Machine Building | vRA is assigning a reservation and network IP
Machine Provisioned | vRA provisioned machine, e.g. cloned virtual machine
Machine Reconfigure | vRA is reconfiguring the virtual machine
Machine Disposing | vRA is destroying virtual machine
Machine Disposing_POST | vRA destroyed the virtual machine

1. Setup vRA

Perform the following prior to the SovLabs plugin installation and configuration

Install and configure VMware's vRealize Automation (vRA) 7.x+

1.1 Additional vRA configurations

  • Create a vRA service account in Active Directory for the SovLabs plugin to utilize
  • Add the vRA service account to vRA IaaS admins
  • Configure vRA Tenant(s) (supports vsphere.local)
  • Configure a vRA Business Group
  • Configure and test vRA Compute Resources, Reservations, etc
  • Create, configure and test vRA Blueprint(s) for each OS desired (with necessary network profiles, reservations, etc.)

1.2 Configure vRA service account permissions

  1. Login to the root vRA tenant: https://vRA-FQDN/vcac
  2. Click on Administration tab > Users & Groups > Custom Groups
  3. If a group does not exist, add a group:
    1. Input the group name and description. DO NOT put spaces in the group name.
    2. Select all roles listed in the Add Roles to this Group box

      The two roles required: Tenant Administrator & XaaS Architect

    3. Click Next
    4. Type in the vRA service account or vRA service account group
    5. Click Add
  4. If a group exists, edit the group:
    1. Verify that the two roles are selected:
      • Service Architect
      • XaaS Architect
    2. Click Next
    3. Type in the vRA service account or vRA service account group
    4. Click Update

1.3 Configure a vRO endpoint in vRA

  1. Login to the vRA tenant:
  2. Perform the following if using an external vRO

    • Click on the Administration tab > vRO Configuration > Server Configuration:
      • Toggle the Use an external Orchestrator server radio button.
      • Select Basic authentication and enter appropriate credentials

        Should be Service Account configured in Step 1.1
        Username in UPN format user@domain

      • Click Test Connection. If connection is successful, click OK.
    • Add an external vRO endpoint in vRA for Infrastructure:
      1. Click on the Infrastructure tab > Endpoints > Endpoints:
        • Click on +New > Orchestration > vRealize Orchestrator
        • Fill out the form accordingly
        • Click on +New Custom Property to add the property:
          • Name: VMware.VCenterOrchestrator.Priority
          • Value: (number, 1 being highest priority)
        • Click OK

    Perform the following if using the internal vRO

    • Toggle the Use the default Orchestrator server that was configured by the system administrator radio button
    • Click Test Connection. If connection is successful, click OK.

1.4 Configure Extensibility lifecycle message timeout

Perform the following for each vRA tenant utilized

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Administration > Global settings:
    • Select (click on) the Extensibility lifecycle message timeout row
    • Click on the Edit button
    • Input a value that will be greater than the longest event workflow subscription timeout (e.g. 3+)

2. Setup vRO

Perform the following prior to the SovLabs plugin installation and configuration

Install and configure VMware's vRealize Orchestrator (vRO) 7.x+

2.1 Active Directory configuration

  • Create or identify a vRO Admins group in Active Directory where the vRO server(s) belong
  • Create or identify a vRO Service Account in Active Directory for the SovLabs plugin to utilize

2.2 Configure vRO execution permissions

The following is necessary in order for vRO to execute external applications and perform actions such as ping

Perform the following steps for each vRO server that will be utilized

  1. SSH as user root to the vRO server (e.g. SSH via PuTTY)
  2. Modify the vmo.properties file:
    1. vi /etc/vco/app-server/vmo.properties
    2. Press the i key on the keyboard
    3. Copy & paste the following line to the end of the file:
      com.vmware.js.allow-local-process=true
    4. Press the esc key on the keyboard
    5. Type in :wq! and press the Enter key
  3. Modify the js-io-rights.conf file:
    1. vi /etc/vco/app-server/js-io-rights.conf
    2. Press the i key on the keyboard
    3. Copy & paste the following line to the end of the file:
      +rwx /tmp
    4. Press the esc key on the keyboard
    5. Type in :wq! and press the Enter key
    6. Ensure that the file has the appropriate permissions:
      1. cd /etc/vco/app-server
      2. chown vco:vco js-io-rights.conf
      3. chmod 640 js-io-rights.conf
  4. Restart the vRO server(s)
    • Type in service vco-server restart
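
The two edits above, written as repeatable shell functions with an audit of what js-io-rights.conf ends up granting. This is an added example, not SovLabs or VMware code; the function names are hypothetical and the file paths are passed in as arguments so the functions can be tried on copies first.

```shell
# Added example: the section 2.2 edits as idempotent functions plus an audit.
# Function names are hypothetical; pass the real paths from section 2.2.

# Append LINE to FILE only if an identical line is not already present.
ensure_line() {
  local file=$1 line=$2
  if grep -qxF -- "$line" "$file" 2>/dev/null; then return 0; fi
  # Guard against a last line without a trailing newline being glued to ours.
  if [ -s "$file" ] && [ -n "$(tail -c1 "$file")" ]; then printf '\n' >> "$file"; fi
  printf '%s\n' "$line" >> "$file"
}

# List every path that js-io-rights.conf grants (+) with write or execute
# rights, as "<rights> <path>". Deny (-) lines and comments are skipped.
list_write_exec_grants() {
  awk '/^[ \t]*[+]/ {
         rights = $1; sub(/^[+]/, "", rights)
         if (rights ~ /[wx]/) { $1 = ""; sub(/^[ \t]+/, ""); print rights " " $0 }
       }' "$1"
}

# Return 0 only if FILE has exactly the octal MODE (section 2.2 asks for 640).
has_mode() {
  [ "$(stat -c '%a' "$1")" = "$2" ]
}

# Apply both settings; safe to run repeatedly on every vRO server.
apply_vro_exec_settings() {
  local props=$1 rights=$2
  ensure_line "$props" 'com.vmware.js.allow-local-process=true'
  ensure_line "$rights" '+rwx /tmp'
  chmod 640 "$rights"
  # On the appliance, follow with: chown vco:vco "$rights"
}
```

Running list_write_exec_grants after the change shows the full set of locations vRO scripts may write to or execute from, which is the list to review before restarting the service.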

2.2.1 EMC's FEHC 3.x and 4.x

EMC's Federation Enterprise Hybrid Cloud

  1. SSH as user root to the vRO server (e.g. SSH via PuTTY)
  2. Modify the setenv.sh file:
    1. vi /usr/lib/vco/app-server/bin/setenv.sh
    2. Press the i key on the keyboard
    3. Copy & paste the following line to the end of the JVM_OPTS variable:
      -Djsse.enableSNIExtension=false
    4. Press the esc key on the keyboard
    5. Type in :wq! and press the Enter key
  3. Restart the vRO server(s)
    • Type in service vco-server restart

2.3 Configure Kerberos

Perform the following steps for each vRO server that will be utilized

  1. SSH as user root to the vRO server
  2. Create the file krb5.conf:
    1. vi /usr/java/jre-vmware/lib/security/krb5.conf
    2. Press the i key
    3. Copy & paste the following content into the file

      Replace example.com with your company domain as appropriate
      Where EXAMPLE.COM appears in all uppercase, enter the domain in all caps.
      Where example.com appears in all lowercase, enter the domain in lowercase letters.

    4. Template:

      [libdefaults]
        default_realm = EXAMPLE.COM
        udp_preferences_limit = 1
      [realms]
        EXAMPLE.COM = {
          kdc = example.com
          default_domain = example.com
        }
      [domain_realm]
        .example.com=EXAMPLE.COM
        example.com=EXAMPLE.COM
      [logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON

      The same file with the domain sovlabs.net filled in:

      [libdefaults]
        default_realm = SOVLABS.NET
        udp_preferences_limit = 1
      [realms]
        SOVLABS.NET = {
          kdc = sovlabs.net
          default_domain = sovlabs.net
        }
      [domain_realm]
        .sovlabs.net=SOVLABS.NET
        sovlabs.net=SOVLABS.NET
      [logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON

      Configuration Note:
      For the [realms] section, you may put a domain in the kdc = line, or you may specify one or more specific domain controllers by FQDN.

      If you configure a domain for your kdc, a domain controller will be resolved from the domain automatically.

      For a lab or non-production environment, or for a very large network with DCs spanning multiple geographical locations, it might be beneficial to specify your kdcs as specific Domain Controllers.

      However, if you specify DCs by name, if you remove DCs or the names change, the configuration here would have to change. Please consider these factors in your decision.

      To specify multiple Domain controllers individually, simply add a line for each DC, like this:
      [realms]
       EXAMPLE.COM = {
         kdc = domaincontroller01.example.com
         kdc = domaincontroller02.example.com
         kdc = domaincontroller03.example.com
         default_domain = example.com
       }

      Multiple domain scenario

      Any child domains must be defined before the parent domains in the [domain_realm] section

      Template:

      [libdefaults]
        default_realm = EXAMPLE1.COM
        udp_preferences_limit = 1
      [realms]
        EXAMPLE1.COM = {
          kdc = example1.com
          default_domain = example1.com
        }
        EXAMPLE2.COM = {
          kdc = example2.com
          default_domain = example2.com
        }
      [domain_realm]
        .example1.com=EXAMPLE1.COM
        example1.com=EXAMPLE1.COM
        .example2.com=EXAMPLE2.COM
        example2.com=EXAMPLE2.COM
      [logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON

      The same file with the domains sovlabs.net and sovlabs.2k8ad.net filled in:

      [libdefaults]
        default_realm = SOVLABS.NET
        udp_preferences_limit = 1
      [realms]
        SOVLABS.NET = {
          kdc = sovlabs.net
          default_domain = sovlabs.net
        }
        SOVLABS.2K8AD.NET = {
          kdc = sovlabs.2k8ad.net
          default_domain = sovlabs.2k8ad.net
        }
      [domain_realm]
        .sovlabs.2k8ad.net=SOVLABS.2K8AD.NET
        sovlabs.2k8ad.net=SOVLABS.2K8AD.NET
        .sovlabs.net=SOVLABS.NET
        sovlabs.net=SOVLABS.NET
      [logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON

      sovlabs.2k8ad.net is the child domain

    5. Press the esc key
    6. Type :wq!
    7. Press the enter key
  3. Ensure that the file has the appropriate permissions: chmod 644 /usr/java/jre-vmware/lib/security/krb5.conf
  4. Restart vRO service: service vco-server restart
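
A hand-edited krb5.conf usually breaks where one section was updated and another was not, so a consistency check before restarting vRO saves a failed Kerberos login later. The following is an added example, not part of the SovLabs documentation or plugin: lint_krb5_conf and write_sample_krb5 are hypothetical helper names, and the sample file is constructed from the sovlabs.net values above with two deliberate mistakes. It does not check the child-before-parent ordering rule.

```shell
# Added example: consistency lint for the krb5.conf written in section 2.3.
# write_sample_krb5 and lint_krb5_conf are hypothetical helper names.

# Constructed sample with two mistakes: the default realm is typed in lower
# case, and one [domain_realm] entry points at a realm with no [realms] block.
write_sample_krb5() {
  cat > "$1" <<'EOF'
[libdefaults]
  default_realm = sovlabs.net
  udp_preferences_limit = 1
[realms]
  SOVLABS.NET = {
    kdc = sovlabs.net
    default_domain = sovlabs.net
  }
[domain_realm]
  .sovlabs.2k8ad.net=SOVLABS.2K8AD.NET
  .sovlabs.net=SOVLABS.NET
  sovlabs.net=SOVLABS.NET
EOF
}

# Print one finding per line; return 0 if clean, 1 if findings, 2 on read error.
lint_krb5_conf() {
  local findings
  findings=$(awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }             # comments, blank lines
    tolower($0) ~ /example\.com/ { placeholder++ }    # template text left in
    /^[ \t]*\[[a-z_]+\]/ { sec = trim($0); next }     # section header
    sec == "[libdefaults]" {
      split($0, kv, "=")
      if (trim(kv[1]) == "default_realm") def = trim(kv[2])
      next
    }
    sec == "[realms]" {
      split($0, kv, "=")
      if ($0 ~ /=[ \t]*[{]/) { cur = trim(kv[1]); realms[cur] = 1; order[++nr] = cur }
      else if ($0 ~ /[}]/) cur = ""
      else if (cur != "" && trim(kv[1]) == "kdc") kdc[cur] = 1
      next
    }
    sec == "[domain_realm]" {
      if (split($0, kv, "=") == 2) { dom[++nd] = trim(kv[1]); tgt[nd] = trim(kv[2]) }
      next
    }
    END {
      # Realm names are case-sensitive, so a lower-case default_realm fails here.
      if (def == "") print "libdefaults: default_realm is not set"
      else if (!(def in realms)) print "libdefaults: default_realm " def " has no [realms] block"
      for (i = 1; i <= nr; i++)
        if (!(order[i] in kdc)) print "realms: " order[i] " has no kdc line"
      for (i = 1; i <= nd; i++)
        if (!(tgt[i] in realms)) print "domain_realm: " dom[i] " maps to undefined realm " tgt[i]
      if (placeholder) print "template: " placeholder " line(s) still contain example.com"
    }
  ' "$1") || return 2
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}
```

On the vRO server the call is lint_krb5_conf /usr/java/jre-vmware/lib/security/krb5.conf, run before the service restart in step 4.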

2.4 Download vRO's vRA plugin

If your vRA version is 7.2 or greater, skip to Step 2.6

Download vRO's vRA plugin via: VMware's vRO Plug-In for vRA

Must have a VMware account to download. Two plugins are included in the plugin download

For instance, downloading o11nplugin-vcac-6.2.3-3004239.vmoapp will provide: 1) vCAC Infrastructure Administration plugin and 2) vCloud Automation Center plugin

2.5 Install vRO's vRA plugins

If your vRA version is 7.2 or greater, skip to Step 2.6

Perform the following for each vRO server

  1. Login to the vRO configuration page: https://vro-fqdn:8283/vco-controlcenter/#/ with user root
  2. Click on the Manage Plug-Ins icon
  3. Locate the Install plug-in section
  4. Drag the plugin .dar or .vmoapp file into the browse bar
  5. Click on Install
  6. Repeat Steps 4 and 5 for the second plugin
  7. Restart the vRO server
    1. On the Home page, click on the Startup Options icon
    2. Click on Restart
    3. Wait for vRO to restart successfully
  8. Log back in to the vRO configuration page
  9. Click on the Manage Plug-Ins icon
  10. Verify that the installed plugin is listed among the vRO plugins

2.6 Configure vRA endpoints in vRO

2.6.1 Add vRA host for tenant

Perform the following once in vRO for each vRA tenant

  1. Open the vRO client
  2. Login to the vRO server
  3. Click on the Design mode, located near the top-left corner of the client
  4. Click on the Workflows tab
  5. Run vRO workflow: /Library/vRealize Automation/Configuration/Add a vRA host
  6. Fill out the form fields properly:
    Field | Value
    --- | ---
    Hostname | vRA server. If utilizing vsphere.local tenant, begin the hostname with "sovlabs_" (e.g. sovlabs_vra01.example.com). The SovLabs plugin can't differentiate between the vRA Shared Session endpoint created for SovLabs and the default "Per User" one already configured for vsphere.local, so the module looks for the one that begins with "sovlabs_".
    Host URL | vRA URL
    Automatically install SSL certificates? | Yes
    Connection Timeout | Keep default
    Operation Timeout | Keep default
    Session mode | Shared Session
    Tenant | Primary vRA tenant for vRO to interact with
    Username | vRA Service Account username
    Password | vRA Service Account password
  7. Click Submit
The Add a vRA host workflow should complete successfully

2.6.2 Add an IaaS host

Perform the following once in vRO for each vRA tenant

  1. Open the vRO client
  2. Login to the vRO server
  3. Click on the Design mode, located near the top-left corner of the client
  4. Click on the Workflows tab
  5. Run vRO workflow: /Library/vRealize Automation/Infrastructure Administration/Configuration/Add an IaaS host
  6. Fill out the form fields properly:
    Field | Value
    --- | ---
    Name | IaaS Host FQDN
    Host URL | IaaS Host FQDN
    Automatically install SSL certificates | Yes
    Connection timeout (seconds) | Keep default
    Operation timeout (seconds) | Keep default
    Session mode | Shared Session. If utilizing a vRO built in to the vRA appliance, use SSO
    Authentication username | Username without domain name
    Password | User's password
    Workstation for NTLM authentication | Leave as blank
    Domain for NTLM authentication | Domain
  7. Click Submit
The Add an IaaS host workflow should complete successfully

3. Environment setup

3.1 Firewall Rules

Please verify all applicable sources and destinations on the following ports are open.

Note that all ports listed below are default/standard ports. Your configuration may vary. Please verify with your local administrator.

Source | Target | Protocol | Standard Port(s) | Bi-directional | SovLabs Module(s)
--- | --- | --- | --- | --- | ---
vRO Server | Ansible Tower | TCP - HTTPS | 443 | | Ansible Tower
Ansible Tower | vRO Server | TCP | 8281 | | Ansible Tower
vRO Server | BlueCat | TCP - HTTPS | 443 | | BlueCat IPAM & DNS
vRO Server | BT Diamond | TCP - HTTPS | 8443 | | BT Diamond IP: IPAM & DNS
vRO Server | Infoblox | TCP | 443 | | Infoblox IPAM & DNS
vRO Server | SolarWinds Database | TCP | 1433 | | SolarWinds IPAM
vRO Server | Windows 2012 Member Servers | TCP | 22 | | Microsoft AD, Microsoft DNS
vRO Server | SovLabs Microsoft Endpoints for AD | TCP/UDP | 139, 445, 5985, 5986 | | Microsoft AD
vRO Server | SovLabs Microsoft Endpoints for DNS | TCP/UDP | 139, 445, 5985, 5986 | | Microsoft DNS
Windows 2012 Member Servers | SovLabs Microsoft Endpoints for AD | TCP | 88, 389, 9389 | | Microsoft AD
Windows 2012 Member Servers | SovLabs Microsoft Endpoints for DNS | TCP | 53, 139, 389, 445, 464 | | Microsoft DNS
vRO Server | Server Subnets | TCP | 22, 139, 445, 5985, 5986 | |
vRO Server | Puppet Master | TCP | 22, 8140 | | Puppet Enterprise
vRO Server | Puppet Compile Masters | TCP | 22 | | Puppet Enterprise
vRO Server | Puppet Console | TCP | 22, 4433 | | Puppet Enterprise
vRO Server | Puppet Database | TCP | 22 | | Puppet Enterprise
vRO Server | Puppet Hiera | TCP | 22 | | Puppet Enterprise
vRO Server | Foreman | TCP | 22, 443 | | Puppet Open Source with Foreman
vRO Server | Puppet Master | TCP | 22, 8140 | | Puppet Open Source with Foreman
vRO Server | ServiceNow CMDB (*Needs Internet access) | TCP | 443 | | ServiceNow CMDB
vRO Server | Red Hat Satellite servers | TCP | 22, 80, 443 | | Red Hat Satellite
vRO Server | vCenter servers | TCP | 80, 443 | | vSphere DRS and Snapshot Management
vRO Server | Nirmata (*Needs Internet access) | TCP | 443 | | Multi-cloud Docker Container Management with Nirmata
vRO Server | SMTP | TCP | 25, 465 (SSL), 587 (STARTTLS) | | Notifications
vRO Server | IMAP | TCP | 143, 993 (SSL) | | Notifications

If you are not planning on doing any of the following, skip to Step 4:
 • SovLabs Microsoft Active Directory Module
 • SovLabs Microsoft DNS Module
 • SovLabs Microsoft IPAM Module
 • SovLabs Puppet Enterprise or Foreman Open Source Modules to manage Windows servers

3.2 Setup WinRM

WinRM must be enabled for SovLabs modules utilizing any Windows servers in the environment (for AD, DNS, IPAM, Puppet, etc.)

3.2.1 Activate WinRM on a Windows server

Activating WinRM on a Windows server allows the SovLabs modules to function properly on proxy and/or target Windows servers

SovLabs modules: AD, DNS, IPAM

  1. Download the Activate WinRM PowerShell script

    Disclaimer: Please review the activate-winrm.ps1 PowerShell script and modify according to your best security practices. Rules in Windows Firewall are configured to allow for connectivity to/from vRA and vRO servers

  2. Login to the Windows server
  3. Upload the .ps1 file to desired directory
  4. Open PowerShell Run as Administrator
  5. Run the script by entering the full path to the script: C:\[folderpath]\activate-winrm.ps1
  6. WinRM should activate successfully

3.2.2 Enable activate WinRM on a vRA blueprint

Enabling activate WinRM on a vRA blueprint allows the SovLabs modules to function properly on provisioned VMs

SovLabs modules: Puppet Enterprise, Puppet Open Source with Foreman

  1. Download the Activate WinRM PowerShell script

    Disclaimer: Please review the activate-winrm.ps1 PowerShell script and modify according to your best security practices. Rules in Windows Firewall are configured to allow for connectivity to/from vRA and vRO servers

  2. Upload the activate-winrm.ps1 script onto a desired share server
  3. Login to vCenter
  4. Navigate to Home > Customization Specification Manager
  5. Edit desired Customization Specification(s)
  6. Click on Run Once tab and add the following commands:
    • cmd /c powershell -executionpolicy Bypass -noninteractive -file //{{share path}}/activate-winrm.ps1

      Replace {{share path}} with the path to the share that contains the activate-winrm.ps1 script

    • cmd /c shutdown /l /f

      If other commands exist, please make sure this command is at the very end. The command logs the Administrator off

  7. Click OK to save the modifications on the Customization Specification(s)
  8. Login to vRA tenant
  9. Navigate to blueprints: Design tab > Blueprints
  10. Edit desired blueprint(s)
  11. Click on the blueprint vSphere machine on the Design Canvas
  12. Click on Build Information tab on the blueprint
  13. Type in or verify the Customization Specification name in the Customization spec field
  14. Save blueprint by clicking on Finish

3.3 Configure Windows Member Server

Configure Windows Member Server with Remote Management and SSH server. If direct connection to your Windows Domain Controllers (DCs) is either restricted or otherwise not desired, a Windows Member Server configured for remote management can be used by the SovLabs plugin to manage AD and DNS entries.

The modules for DNS and AD require PowerShell cmdlets, so the Windows Member Server must be Windows 2012 or above.

The SovLabs Plugins for Microsoft AD and DNS use SSH as the connection method to the Windows Member Server. Therefore, the Member Server must have either CygwinSSH server or Bitvise SSH server installed and configured.

Perform the following steps for each Windows Member server that will be utilized

  1. Login to the Windows server
  2. If this server will remotely manage Active Directory, install these Roles on your Member Server:
  3. Under Role Administration Tools
    1. Active Directory module for Windows Powershell
    2. AD DS Tools
      1. Active Directory Administrative Center
      2. AD DS Snap-Ins and Command-Line Tools
    3. AD LDS Snap-ins and Command-Line Tools
  4. If this server is a domain controller, install AD Webservices
  5. If this server will remotely manage MS DNS, install DNS Server Tools:
    1. Access the Server Manager
    2. Click on Manage option on the top right menu > Add Roles and Features
    3. On the Add Roles and Features Wizard:
      1. Before You Begin: Click Next
      2. Installation Type: Accept defaults and click Next
      3. Server Selection: Accept defaults and click Next
      4. Server Roles: Accept defaults and click Next
      5. Features:
        1. Expand Remote Server Administration Tools
        2. Select DNS Server Tools
        3. Click Next
      6. Confirmation: Click Install
      7. Results: Verify valid results
  6. Install and configure SSH server appropriately for:
  7. Bitvise SSH Server is a third-party product which requires a valid license. See www.bitvise.com for details.

  8. If non-administrative rights are desired:
    1. Create a share
    2. Assign Modify (read/write) permissions to a user account

4. Configure SovLabs Plugin

4.1 Download & install SovLabs Plugin

Download the SovLabs plugin

Perform the following for each vRO server

  1. Login to the vRO configuration page: https://vro-fqdn:8283/vco-controlcenter/#/ with user root
  2. Click on the Manage Plug-Ins icon
  3. Locate the Install plug-in section
  4. Drag the plugin .dar or .vmoapp file into the browse bar
  5. Click on Install
  6. Restart the vRO server
    1. On the Home page, click on the Startup Options icon
    2. Click on Restart
    3. Wait for vRO to restart successfully
  7. Log back in to the vRO configuration page
  8. Click on the Manage Plug-Ins icon
  9. Verify that the installed plugin is listed among the vRO plugins

4.2 First install

SovLabs plugin has been downloaded and installed (Section 4.1)

Installing and configuring the SovLabs plugin is only performed once for each vRA tenant and vRO server the SovLabs vRA Extensibility modules interact with

  1. Open the vRO client
  2. Login to the vRO server
  3. Click on the Design mode, located near the top-left corner of the client
  4. Click on the Workflows tab
  5. Run vRO workflow: SovLabs/Configuration/SovLabs Configuration
  6. Fill out the SovLabs Configuration workflow form appropriately:
    Field | Instructions
    --- | ---
    Main Configuration |
    vRA Tenant Name for SovLabs Service and Catalog Items | Select the appropriate tenant
    Business Group Name to be associated with the SovLabs vRA Catalog Service | Select the appropriate business group
    Create SovLabs vRA Catalog Service? | Select 'Yes'
    Security Group | vRA service account in UPN format (e.g. group.domain.com). *Is the security group defined in vRA that will be entitled to the SovLabs vRA Catalog Service
    Publish License Content? | Select 'Yes'
    Upgrade Options |
    Upgrade existing SovLabs vRA content? | Select 'No'
    Apply Upgrade Transformations? | Select 'No'
    Lifecycle Configuration - Install/Upgrade |
    Install or Update SovLabs lifecycle stubs (vRA6.x) or workflow subscriptions (vRA7.x)? | Select 'Yes'. *Enables vRA to call vRO during machine lifecycles

  7. Click Submit
  8. Verify that the SovLabs Configuration workflow completed successfully

4.3 Performing an update

If installing in an environment with multiple vRO servers (clustered) the plugin must be installed on all of the vRO servers.
Please ensure that the SovLabs plugin has been installed on all vRO servers and that the vRO service has been restarted on all of them.

  1. New SovLabs plugin has been downloaded and installed (Section 4.1)
  2. Open the vRO client
  3. Login to the vRO server
  4. Click on the Design mode, located near the top-left corner of the client
  5. Click on the Workflows tab
  6. Run vRO workflow: SovLabs/Configuration/SovLabs Configuration

    The SovLabs Configuration workflow only needs to be run on one vRO in a clustered environment

  7. Fill out the SovLabs Configuration workflow form appropriately:
    Field | Instructions
    --- | ---
    Main Configuration |
    vRA Tenant Name for SovLabs Service and Catalog Items | Select the appropriate tenant
    Business Group Name to be associated with the SovLabs vRA Catalog Service | Select the appropriate business group
    Create SovLabs vRA Catalog Service? | Select 'No'
    Security Group | vRA service account in UPN format (e.g. group.domain.com). *Is the security group defined in vRA that will be entitled to the SovLabs vRA Catalog Service
    Publish License Content? | Select 'No'
    Upgrade Options |
    Upgrade existing SovLabs vRA content? | Select 'Yes'
    Apply Upgrade Transformations? | Select 'No'
    Lifecycle Configuration - Install/Upgrade |
    Install or Update SovLabs lifecycle stubs (vRA6.x) or workflow subscriptions (vRA7.x)? | Select 'Yes' only if modifications are necessary. *Enables vRA to call vRO during machine lifecycles

  8. Click Submit
  9. Verify that the SovLabs Configuration workflow completed successfully

4.4 Verifying SovLabs plugin

4.4.1 Verify via vRO

  1. Open the vRO client
  2. Login to the vRO server
  3. Click on the Design mode, located near the top-left corner of the client
  4. Click on the Inventory tab
  5. Verify that the SovLabs vRA Extensibility Modules plugin exists

4.4.2 Verify via vRA

  1. Login to the desired vRA tenant
  2. Click on the Catalog tab
  3. Verify that the Add License - SovLabs Modules catalog exists

SovLabs Extensibility modules

Add module license(s)

Add module license

Each SovLabs Extensibility Module will require a license to enable functionality

Once SovLabs Extensibility modules have been purchased, an email with order details and license keys attached will be sent

Perform the following steps for each license on all vRA tenant(s)

  1. Login to the desired vRA tenant
  2. Click on the Catalog tab
  3. Click on the Add License - SovLabs Modules catalog item
  4. Fill out the form fields properly:
    Field | Instructions
    --- | ---
    Product ID | Copy & paste the license key's file name (e.g. SL-VRA-XXXX)
    License Key (including header) | Copy & paste the entire license file attachment contents into this field
  5. Click Submit
Successful execution results in the additional catalog item(s) pertaining to the module in the Catalog page.

Ansible Tower

The SovLabs Ansible Tower Module for vRealize Automation is a comprehensive end-to-end solution that elegantly combines both platforms, enabling advanced provisioning capabilities from vRealize Automation while simultaneously providing the ability to manage dynamic inventories/grouping using vRA inventory metadata for ongoing day 2 management via Tower.

Quick start process

  1. Define Ansible Tower Endpoint(s)
  2. Setup Tower vRA Inventory Profile(s) and Configure in Tower
  3. Define Ansible Tower Inventory Profile(s)
  4. Provision!

Ansible Tower Dynamic Inventory Support

  • Ability to define and filter inventories and groups based on vRA constructs (e.g. tenant, business group, network, deployment name, component name, or any VM property)
  • Ability to include meta data (vRA properties, deployment and request data, vRA constructs, etc.) for each host
  • Ability to include existing/previously deployed vRA inventory into Ansible Tower to enable management of vRA deployed inventory via Tower
  • Configurable caching for dynamic inventory (additive caching, cache expiration, page size, etc.)
  • Multiple vRA/vRO instances and multi-tenant support
  • Ability to specify individual hosts (--hostname parameter)
  • Inventoried VMs have a complete list of vRA properties, deployment and request data, vRA constructs, etc., which can be used to dynamically determine which playbooks to run, values to be written into files, etc.

vRA Provisioning Capabilities

  • Ability to create a Tower profile, encompassing the following capabilities:
    • Can be attached globally to a vRA (composite) blueprint or to an individual VM component, with a 1:1 ratio of profile to VM
    • Executed for VMs being provisioned by vRA in context of blueprint/deployment
    • User selectable or Administrator pinnable job Template per Blueprint via the SovLabs Template Engine
    • Ability to filter on team and project
    • Ability to pick one or more job templates from Tower inventory
    • Ability to specify one or more job templates via SovLabs templated definition, which utilizes the template engine to dynamically render based on runtime VM properties
    • Ability to override credential selection using credentials defined in Tower
    • Ability to override inventory, default based on job template
    • Ability to configure machines to limit job template execution to (default limits to machines in a given vRA deployment of a composite blueprint)
    • Ability to supply extra vars, as a JSON or YAML formatted string which can include variables given by the user, including answers to survey questions. Extra vars can be templated via SovLabs Template Engine.
  • Supports vSphere and AWS machine types with future support for Azure
  • Supports single or multi-machine, including nested blueprints
  • Supports Tower’s ability to execute on multiple VM components at once by injecting and filtering dynamic inventories/groupings for VMs within respective deployment/blueprint during provisioning

General Capabilities

  • Support for multiple Tower endpoints, inventories and profiles
  • Support for vRA Auto Scale feature
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • Simple 2-step install and upgrade process
  • Quick start process: Define Tower endpoint(s), Setup Tower vRA Inventory Profile(s)/Configure in Tower, Setup Tower profile(s) and provision!

Prerequisites

  1. Ansible Tower is properly configured
  2. Have an account with Ansible Tower
  3. Dynamic Inventory script vra.py is installed
  4. Dynamic Inventory config vra.yaml is installed
  5. Set up Organizations, Teams, Projects, Job Templates, Machine Credentials, and Inventories in Ansible Tower
  6. Set up any Playbooks to be exercised from Ansible Tower
  7. Login to the vRA tenant
    1. Add license for Ansible Tower module
    2. Validate the following show up on the Catalog page:
      1. Add Ansible Tower Endpoint
      2. Add Ansible Tower Profile
      3. Add Ansible Tower Inventory Profile
      4. Manage Credentials

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Ansible Tower Endpoint
    Ansible Tower Endpoint

    An Ansible Tower Endpoint is an Ansible Tower host

    Field | Value
    --- | ---
    Configuration label | Unique name. *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Host URL | URL to Ansible Tower
    Credential Configuration |
    Create credential? | Select Yes to create a new credential. Select No to choose from existing credentials
    Credential | Select the appropriate credential from an existing list of credentials. *Only shown when 'Create credential' is No
    Credential configuration label | Unique credential name. *Only shown when 'Create credential' is Yes. *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Username | Username. *Only shown when 'Create credential' is Yes
    Password | User's password. *Only shown when 'Create credential' is Yes
    Organization |
    Organization | Select the appropriate organization from an existing list of organizations

  3. On the Catalog page, click on the Request button for: Add Ansible Tower Profile
    Add Ansible Tower Profile
    Ansible Tower Profile

    Field | Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique name

    Ansible Tower Endpoint Select an Ansible Tower Endpoint
    Filter Projects by Team

    Auto-generated list of Teams based on the Ansible Tower Endpoint selected

    Select the desired Team, if any
    Filter Job Templates by Project

    Auto-generated list of Projects based on the Ansible Tower Endpoint selected

    Select the desired Project, if any
    Get Job Templates from list? Select No to manually enter a Job Template name. Select Yes to select from an existing list
    Job Templates If No was selected for 'Get Job Templates from list?', manually enter a Job Template name.
    If Yes was selected for 'Get Job Templates from list?', select an existing Job Template
    Get Deprovision Job Templates from list? Select No to manually enter a deprovision Job Template name. Select Yes to select from an existing list of deprovision Job Templates
    Deprovision Job Templates If No was selected for 'Get Deprovision Job Templates from list?', manually enter a deprovision Job Template name.
    If Yes was selected for 'Get Deprovision Job Templates from list?', select an existing deprovision Job Template
    Advanced
    Machine credential

    Auto-generated list of machine credentials based on the Ansible Tower Endpoint selected

    Select the desired machine credential, if any
    Inventory

    Auto-generated list of Inventory based on the Ansible Tower Endpoint selected

    Select the desired Inventory, if any
    Extra vars

    Define a string that represents a JSON or YAML formatted dictionary (with escaped parentheses) which includes variables given by the user, including answers to survey questions

  4. On the Catalog page, click on the Request button for: Add Ansible Tower Inventory Profile
    Add Ansible Tower Inventory Profile
    Ansible Tower Inventory Profile

    Field | Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique name

    Ansible Tower Endpoint Select an Ansible Tower Endpoint
    vRA IaaS URL

    Auto-generated vRA IaaS URL, must match a configured IaaS URL in vRO

    Verify vRA IaaS URL
    Filters
    vRA Business Group(s)

    Auto-generated list of vRA Business Groups, if any

    Select the desired vRA Business Group(s). Leave blank to select all
    Property Filters Specify the properties (key, value) to filter on. May have zero or more property filters
    Dynamic Groups
    Group separator Define the one or more characters by which VMs will be grouped. Used in the Groups definition below to separate group names
    Groups Groups are defined as templates that will be resolved with vmProperties. If one property does not resolve, that group will be omitted. List groups, separated by the character defined in Group separator above
    Paging
    Result page size Specify the maximum number of VMs to return at one time, will make multiple calls to get the entire inventory. Leave blank to get all VMs in a page result.

    Inventory Configuration

    1. Remote login to the Ansible Tower instance
    2. Create a directory for the Ansible Tower Inventory Profile config file vra.yaml
    3. Download vra.py and vra.yaml from Github into this new directory
    4. Edit vra.yaml
      • Verify all configuration values are correct and appertain to the Ansible Tower setup
      • Verify atow_inv_profile_name is the value of the “Configuration label” from the Ansible Tower Inventory Profile
      • Save & close
    5. Login to Ansible Tower web application
    6. Assuming the Prerequisites section in the beginning of the Ansible Tower section has been completed, add the Dynamic Inventory script vra.py to a new Inventory Script
      1. Click the Settings button in the top menu and select INVENTORY SCRIPTS
      2. Click on +Add or an existing Inventory Script hyperlink
      3. Copy & paste the contents of vra.py into the * CUSTOM SCRIPT field, and provide a value for NAME
    7. Now the Inventory Script will be associated with an Inventory
      1. Click on INVENTORIES in the main menu
      2. Click on +Add or an existing Inventory
      3. Fill in the Name and Description fields and click Save
      4. On the next screen, click on +ADD GROUP
      5. Provide a NAME and click on SOURCE, selecting Custom Script from the drop down. This will cause the *CUSTOM INVENTORY SCRIPT field to appear
      6. Click the spyglass in *CUSTOM INVENTORY SCRIPT and select the name of the INVENTORY SCRIPT item created in Step 6.2
      7. In the ENVIRONMENT VARIABLES text area, enter the following text, substituting the directory path created in Step 2
        VRA_YAML: /{directory path}/vra.yaml
      8. Select the 3 update options of Overwrite, Overwrite Variables, and Update on Launch
      9. Click Save

Disable Inventory

  1. Login to the Ansible Tower web application
  2. Follow Step 7 of Inventory Configuration and, for 7.3, click on SOURCE > Choose a source
  3. Click Save

Usage

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the appropriate Ansible Tower property group:
        • Starts with SovLabs-AnsibleTowerProfile-

          Do not attach more than 1 Ansible Tower property group to a blueprint

    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Disable

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Ansible Tower property group:
        • Starts with SovLabs-AnsibleTowerProfile-
    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Custom Naming

Server naming standards are a fact of life for most organizations. Hostnames are the most basic label that apply to all servers, and this identifier has operational value well beyond name resolution. Hostnames help multiple IT and application teams quickly identify and categorize any given server, revealing its function, role, operating system, environment, location or other attributes.

SovLabs enables administrators to easily manage multiple naming standards through data-driven profiles, allowing IT to keep up with changing architectural and application standards or changes to the business such as department/budget re-alignment, acquisitions or mergers. Take control of your hostnames with SovLabs Custom Naming and drive standardization throughout your environment.

The SovLabs Custom Naming Module gives IT administrators a flexible way to meet their server naming standards with vRealize Automation. With Custom Naming from SovLabs, easily create independent data-driven naming sequences and standards so that servers provisioned through vRealize Automation will adhere to specific naming conventions.

The SovLabs Custom Naming module is often used in conjunction with other modules from the SovLabs Core Pack, including Active Directory and interchangeable DNS and IPAM modules.

Quick start process

  1. Define Naming Sequence
  2. Define Naming Standard
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible naming standards that include one or more sequences
  • Naming standards consist of a mix of static text and dynamic content such as vRA custom properties and/or custom logic
  • Validates against DNS and vRA database to determine hostname availability
  • Includes advanced selective locking, preventing duplication of hostnames with parallel provisioning without sacrificing performance
  • Allows for creation of multiple types of sequences such as decimal, hex, octal, binary, or custom pattern
  • Dynamic sequences are possible using the pattern type, which can utilize vRA properties (utilizing the SovLabs Template Engine) in combination with custom logic and one or many sequence types
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • Includes option to allow for reuse of sequence values, e.g. for gaps left when machines have been de-provisioned
  • Includes options for sequence length, padding character, initial value
  • Sequences can be updated at any time, for scenarios like increasing sequence length or setting a new initial value (e.g. set next sequence value at 500 instead of 030)
  • Supports creation of multiple naming sequences and standards as needed

Prerequisites

  1. Have naming standard(s) that accounts for different scenarios for your company
  2. Login to the vRA tenant
    1. Add license for Custom Naming module
    2. Validate the following show up on the Catalog page:
      1. Add Naming Sequence
      2. Add Naming Standard

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Naming Sequence
    Add Naming Sequence
    Naming Sequence

    A naming sequence can be used in one or more Naming Standards

    Field | Value
    Sequence label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique name for sequence

    Sequence type Choose a sequence type:
    • Decimal (Base 10): 0-9 for each digit
    • HexaDecimal (Base 16): 0-F for each digit
    • Octal (Base 8): 0-7 for each digit
    • Pattern (Mixed bases and static text): a flexible pattern that allows for unique naming sequences
    Reuse sequence values? Select Yes to reuse a sequence number if it is available
    Max sequence length

    Shown only when Decimal, HexaDecimal or Octal is selected as the sequence type

    What is the maximum length of the sequence? If a ### sequence is desired, type in 3 for a three-digit sequence length

    Initial value

    What is the initial number the sequence starts off with (0 or 1)?

    *Do not pad this initial value number

    Sequence padding

    Shown only when Decimal, HexaDecimal or Octal is selected as the sequence type

    Numerical value to pad the sequence to the left in the event that the sequence does not meet the required max sequence length. Defaults to 0

    Pattern type format

    Shown only when Pattern is selected as the sequence type

    Unique key Optional
  3. On the Catalog page, click on the Request button for: Add Naming Standard
    Add Naming Standard
    Naming Standard

    A naming standard is a template that generates a specific hostname

    Field | Value
    Naming standard label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique name for naming standard

    Used for multi-machine containers? Select Yes if the naming standard will be used for multi-machine containers
    Select sequence(s) Select the sequences that will be a part of the naming standard
    Template

    Define the naming standard template that will generate the hostname

    The template must include the sequence(s):
    {{ sequence.SEQUENCENAME }}

    Can be templated: SovLabs Template Engine

Usage

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate Naming Standard property group:
        • Starts with SovLabs-NamingStandard- for single machine scenarios
        • Starts with SovLabs-NamingStandardMultiMachineContainer for multi-machine container scenarios
        • Do not attach more than 1 Naming Standard property group to a blueprint

    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Disable

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Naming Standard property group:
        • Starts with SovLabs-NamingStandard- for single machine scenarios
        • Starts with SovLabs-NamingStandardMultiMachineContainer for multi-machine container scenarios
    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Example(s)

Configure Pattern Type

Pattern naming sequences are designed to be flexible: they combine multiple bases in one sequence and can match most sequence types used in the industry.

Pattern naming sequences can contain the following types of bases:

Type          Pattern Key   Default Value   Range
Decimal       #             0               0-9
HexaDecimal   x             0               0-F
Octal         o             0               0-7
Binary        b             0               0-1
Alpha         a             a               a-z

All Pattern Keys are to be defined inside / /, for instance: /a#b/ is a sequence of alpha, decimal, and binary numbers/letters.

A unique feature of the pattern naming standard is that the sequence can contain static or template text, yet the sequence increments as you would expect, ignoring the text.

For example, a pattern of /a/StaticText/b/ will result in the following sequence values:

aStaticText0, aStaticText1, bStaticText0, bStaticText1, cStaticText0. . .

As you can see, the part of the sequence inside the / / (the counter) increments while the text outside of the / / remains static; when the rightmost digit rolls over, the next significant digit increases, as one would expect. This can be used with or without static text.

If a template is used, the counter is incremented first and then the template is rendered. This means that if you have a property called "App" and you use it in a pattern such as /#/{{App}}/#/:

  • First run, if App = “Test” => sequence value is 0Test1
  • Second run, if App = “Foo” => sequence value is 0Foo2
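The pattern counter described above, as an added example (not SovLabs code): a mixed-base counter in Python that reproduces both sequences shown, taking the counter value for a run as the input n. It assumes "/" appears only as the counter delimiter, and fill_template is a hypothetical stand-in for the SovLabs Template Engine that handles only plain {{ name }} lookups.

```python
import re

# Pattern keys from the table above: key -> digit alphabet.
# Index 0 of each alphabet is the key's default value.
ALPHABETS = {
    "#": "0123456789",                   # Decimal
    "x": "0123456789ABCDEF",             # HexaDecimal
    "o": "01234567",                     # Octal
    "b": "01",                           # Binary
    "a": "abcdefghijklmnopqrstuvwxyz",   # Alpha
}


def parse_pattern(pattern):
    """Split a pattern into ("key", char) and ("text", string) tokens.

    Assumption: "/" only ever delimits counter segments, so after splitting
    on "/" the odd-numbered pieces hold keys and the even-numbered pieces
    hold static or template text.
    """
    pieces = pattern.split("/")
    if len(pieces) < 3 or len(pieces) % 2 == 0:
        raise ValueError("unbalanced / / in pattern: %r" % pattern)
    tokens = []
    for i, piece in enumerate(pieces):
        if i % 2 == 1:
            for ch in piece:
                if ch not in ALPHABETS:
                    raise ValueError("unknown pattern key %r" % ch)
                tokens.append(("key", ch))
        elif piece:
            tokens.append(("text", piece))
    if not any(kind == "key" for kind, _ in tokens):
        raise ValueError("pattern has no counter keys: %r" % pattern)
    return tokens


def capacity(tokens):
    """Number of distinct values the pattern can produce before it wraps."""
    total = 1
    for kind, value in tokens:
        if kind == "key":
            total *= len(ALPHABETS[value])
    return total


def fill_template(text, props):
    """Hypothetical stand-in for the template engine: {{ name }} lookups only."""
    return re.sub(r"\{\{\s*(\w+)\s*\}\}",
                  lambda m: str(props[m.group(1)]), text)


def render(tokens, n, props=None):
    """Render counter value n; the rightmost key is the least significant digit.

    Digits are computed before any template text is filled in, so a property
    value can never change the counter, even if it contains key characters.
    """
    if not 0 <= n < capacity(tokens):
        raise OverflowError("counter value %d does not fit the pattern" % n)
    digits = []
    for kind, value in reversed(tokens):
        if kind == "key":
            alphabet = ALPHABETS[value]
            n, remainder = divmod(n, len(alphabet))
            digits.append(alphabet[remainder])
    out = []
    for kind, value in tokens:
        if kind == "key":
            out.append(digits.pop())      # most significant digit first
        else:
            out.append(fill_template(value, props or {}))
    return "".join(out)


def sequence(pattern, count, start=0, props=None):
    """First `count` values of a pattern, beginning at counter value `start`."""
    tokens = parse_pattern(pattern)
    return [render(tokens, n, props) for n in range(start, start + count)]


if __name__ == "__main__":
    print(sequence("/a/StaticText/b/", 5))
    templated = parse_pattern("/#/{{App}}/#/")
    print(render(templated, 1, {"App": "Test"}))
    print(render(templated, 2, {"App": "Foo"}))
```

capacity() gives the point at which a pattern is exhausted (52 values for /a/StaticText/b/), which is worth checking against the expected number of machines before a standard goes into use.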

Custom Notifications

The SovLabs Notifications Module provides an easy yet highly flexible way to send email or REST-based web service notifications based on the success or failure of machine lifecycle events.

This is extremely useful for driving email based automation systems with minimal complexity, or driving web services via REST with dynamic JSON payloads such as ticketing or service management systems.

Quick start process

  1. Define Notification(s)
  2. Define a Notification Group
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible notifications and add them to notification groups
  • Supports REST-based web services or email notifications
  • Notification email subject, body, addresses or web service address and JSON body can consist of a mix of static text and dynamic content such as vRA custom properties and/or custom logic
  • Email notifications consist of message server(s), email groups/addresses (to, cc, bcc), from address, to address, subject and body
  • REST-based notifications consist of a title and JSON body
  • Supports SSL/TLS or unencrypted communications
  • Message servers (email or REST) can be defined independently of notifications
  • Credentials for message servers (email or REST) can be defined independently and re-used among message servers
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic

Prerequisites

  1. User account with permissions to the webservices and/or email servers desired
  2. Login to the vRA tenant
    1. Add license for Custom Notifications module
    2. If utilizing an email server, gather the following details:
      • IP Address/hostname of the email server
      • Is the service SMTP or IMAP?
      • Credential details (username/password)
      • Whether SSL/TLS or STARTTLS is required to send emails through your email server
      • Port # of SMTP or IMAP service on that host
    3. Common ports: (please verify with administrator or provider)
      • SMTP: 25, 465 (SSL), 587 (STARTTLS)
      • IMAP: 143 or 993 (SSL)
    4. Validate the following show up on the Catalog page:
      1. Add Notification Configuration
      2. Add Notification Group Configuration
      3. Manage Notification Message Server Configuration
      4. Manage Notification Email Group Configuration
      5. Manage Credential Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    Field | Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server configuration
    New Message Server?

    Select Yes to create a new message server

    Select No to choose an existing message server

    Message Server

    *Only shown when 'New Message Server' is No

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Only shown when 'New Message Server' is Yes

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label for message server

    Message Server Address

    *Only shown when 'New Message Server' is Yes
    Message Server address

    Please note, for a WebService, the request body is used as type JSON to deliver data to the web service it is connecting to.

    The address will not be modified by SovLabs' module to provide data via the URL. If the request is directed at a specific method for the call please include that as part of the address parameter.

    *If the WebService address is: webserver.domain.com and the URL directive for method is: /logmessage, the resulting Message server address should be: webserver.domain.com/logmessage

    Enable SSL?

    *Only shown when 'New Message Server' is Yes

    Choose whether or not SSL is enabled on the message server
    Message Server Port

    *Only shown when 'New Message Server' is Yes

    Message Server port

    Common ports: (please verify with administrator or provider)

    • SMTP: 25, 465 (SSL), 587 (STARTTLS)
    • IMAP: 143 or 993 (SSL)

    Message Server Type

    *Only shown when New Message Server is Yes

    Select whether this message server is an Email or WebService type
    Message Server HTTP Verb

    *Only shown when New Message Server is Yes and Message Server Type is WebService

    Select the HTTP Verb

    Any HTTP verb used must be assumed to use the JSON body content to properly direct the server's behavior. The Notifications module does not modify URL with parameters.

    Message Server Protocol

    *Only shown when 'New Message Server' is Yes

    Select the appropriate protocol
    Enable credential?

    *Only shown when 'New Message Server' is Yes

    Select whether credentials are enabled on the message server
    Create credential?

    Select No to choose from existing credentials

    Select Yes to create a new credential

    Credential

    *Only shown when 'Enable credential' is Yes and 'Create credential' is No

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Only shown when 'Create credential' is Yes

    Unique name for credential.

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _
    Username

    *Only shown when 'Create credential' is Yes

    Username

    Password

    *Only shown when 'Create credential' is Yes

    Username's password

    Enable STARTTLS?

    *Only shown when 'Create credential' is Yes and 'Message Server Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration

    *Only shown when the 'Message Server Type' is Email

    New Email Group?

    Select Yes to create a new email group

    Select No to choose an existing email group

    Email Group

    *Only shown when 'New Email Group' is No

    Select the desired email group from a list of existing email groups
    Email Group configuration label

    *Only shown when 'New Email Group' is Yes

    *Only shown when 'New Message Server' is Yes

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label for email group configuration

    To addresses

    *Only shown when New Email Group is Yes

    Enter all the email addresses to send the notification to

    Can be templated: SovLabs Template Engine

    CC addresses

    *Only shown when 'New Email Group' is Yes

    Enter all the CC'ed email addresses to send the notification to

    Can be templated: SovLabs Template Engine

    BCC addresses

    *Only shown when 'New Email Group' is Yes

    Enter all the BCC'ed email addresses to send the notification to

    Can be templated: SovLabs Template Engine

    When all required fields are filled in, Click Next
    Notification configuration
    Configuration label

    *Only shown when 'New Message Server' is Yes

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label for notification configuration

    Type Select whether this notification is for VM lifecycles (VMLIFECYCLE) or vSphere Snapshot Management (SNAPSHOT).
    State

    VMLIFECYCLE: Select whether to send the notification on a success and/or error states during VM lifecycles

    SNAPSHOT: Select whether or not to send notifications when a new snapshot is found (NEW), when a snapshot is going to be deleted (WARNING), and/or when a snapshot has been deleted (DELETE)

    Format Select the appropriate format
    From address The address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title Notification title

    Can be templated: SovLabs Template Engine

    Body Body message.

    For a WebService, the only payload accepted is a JSON payload

    Can be templated: SovLabs Template Engine

    <table style="font-family: sans-serif; font-size: 14px; color: #404041; sans-serif; padding: 5px; border: none; border-collapse: collapse;">
                                           <tbody>
                                            <tr style="border-bottom: 3px solid #1B75BA;">
                                             <td colspan="2" style="padding-bottom: 10px;">
                                              <a href="https://sovlabs.com" target="_blank"><img src="http://bit.ly/2ozluWb" alt="SovLabs logo"></a>
                                             </td>
                                            </tr>
                                            <tr>
                                             <td colspan="2" style="font-size: 20px; font-weight: bold; padding-top: 10px; padding-bottom: 20px;">
                                          vRA Machine request via SovLabs Notification {{plugins.sovlabs}} for vRA {{plugins.vCAC}}
                                             </td>
                                             </tr>
                                             <tr><td colspan="2" style="padding-bottom: 20px;"><p>Hello,</p><p> A machine has been requested for vRA tenant: <span style="color: #1B75BA ;">{{ tenant }}</span></p></td></tr>
                                             <tr><td colspan="2" style="padding: 10px 0px 5px 0px; color: #1B75BA ; border-bottom: 2px solid #E5E5E5; font-size: 15px; font-weight: bold;">Requester details</td></tr>
                                             <tr><th style="text-align: left;">Requested on:</th><td>{{ creationDate }} </td></tr>
                                             <tr><th style="text-align: left;">Requested by:</th><td>{{ ownerName }}</td></tr>
                                             <tr><td colspan="2" style="padding: 30px 0px 5px 0px; color: #1B75BA ; border-bottom: 2px solid #E5E5E5; font-size: 15px; font-weight: bold;">Machine details</td></tr>
                                             <tr><th style="text-align: left;">Machine:</th><td>{{ virtualMachineName }}.{{ PrimaryDnsDomain }}</td></tr>
                                             <tr><th style="text-align: left;">Blueprint:</th><td>{{ blueprintName }}</td></tr>
                                             <tr><th style="text-align: left;">Environment:</th><td>{{ Environment }}</td></tr>
                                             <tr><td colspan="2" style="padding: 30px 0px 5px 0px; color: #1B75BA ; border-bottom: 2px solid #E5E5E5; font-size: 15px; font-weight: bold;">Log(s)</td></tr>
                                             <tr><td colspan="2">{{ SovLabs_NotificationLog }}</td></tr>
                                             <tr>
                                              <td colspan="2" style="padding: 50px 0px 10px 0px; font-size: 16px; font-weight: bold;">
                                          Regards,
                                          <p>SovLabs</p>
                                              </td>
                                             </tr>
                                             <tr>
                                              <td colspan="2" style="border-top: 1px solid #D5D5D5 ; font-size: 12px;">
                                               <p style="color: #808080;">*Please do not reply to this message.  All replies are routed to an unmonitored mailbox.</p>
                                              </td>
                                             </tr>
                                            </tbody>
                                          </table>
                                        
    <table style="font-family: sans-serif; font-size: 14px; color: #404041; sans-serif; padding: 5px; border: none; border-collapse: collapse;">
                                           <tbody>
                                            <tr style="border-bottom: 3px solid #1B75BA;">
                                             <td colspan="2" style="padding-bottom: 10px;">
                                              <a href="https://sovlabs.com" target="_blank"><img src="http://bit.ly/2ozluWb" alt="SovLabs logo"></a>
                                             </td>
                                            </tr>
                                            <tr>
                                             <td colspan="2" style="font-size: 20px; font-weight: bold; padding-top: 10px; padding-bottom: 20px;">
                                          Welcome to Snapshot Management for vRA tenant {{tenant}}
                                             </td>
                                             </tr>
                                             <tr><td colspan="2" style="padding-bottom: 20px;"><p>Hello,</p><p> A new snapshot has been found for vRA tenant: <span style="color: #1B75BA ;">{{ tenant }}</span> on SovLabs vCenter endpoint: {{ iaasVcenterEndpointName }}</p></td></tr>
                                             <tr><td colspan="2" style="padding: 10px 0px 5px 0px; color: #1B75BA ; border-bottom: 2px solid #E5E5E5; font-size: 15px; font-weight: bold;">Snapshot details</td></tr>
                                             <tr><th style="text-align: left;">Virtual Machine:</th><td>{{ cafeVirtualMachineName }} </td></tr>
                                             <tr><th style="text-align: left;">Snapshot Name:</th><td>{{ snapshotName }}</td></tr>
                                             <tr><th style="text-align: left;">Snapshot Owner:</th><td>{{ ownerName }} ({{ VM_OWNER_EMAIL }})</td></tr>
                                             <tr><td colspan="2" style="padding: 30px 0px 5px 0px; color: #1B75BA ; border-bottom: 2px solid #E5E5E5; font-size: 15px; font-weight: bold;">Snapshot details</td></tr>
                                             <tr><th style="text-align: left;">Log:</th><td>{{ PROCESS_CONTENT }}</td></tr>
                                             <tr>
                                              <td colspan="2" style="padding: 50px 0px 10px 0px; font-size: 16px; font-weight: bold;">
                                          Regards,
                                          <p>SovLabs</p>
                                              </td>
                                             </tr>
                                             <tr>
                                              <td colspan="2" style="border-top: 1px solid #D5D5D5 ; font-size: 12px;">
                                               <p style="color: #808080;">*Please do not reply to this message.  All replies are routed to an unmonitored mailbox.</p>
                                              </td>
                                             </tr>
                                            </tbody>
                                          </table>
                                        
    <table style="font-family: sans-serif; font-size: 14px; color: #404041; sans-serif; padding: 5px; border: none; border-collapse: collapse;">
                                           <tbody>
                                            <tr style="border-bottom: 3px solid #1B75BA;">
                                             <td colspan="2" style="padding-bottom: 10px;">
                                              <a href="https://sovlabs.com" target="_blank"><img src="http://bit.ly/2ozluWb" alt="SovLabs logo"></a>
                                             </td>
                                            </tr>
                                            <tr>
                                             <td colspan="2" style="font-size: 20px; font-weight: bold; padding-top: 10px; padding-bottom: 20px;">
                                          Snapshot Management for vRA tenant {{tenant}}
                                             </td>
                                             </tr>
                                             <tr><td colspan="2" style="padding-bottom: 20px;"><p>Hello,</p><p> {{ currentState }} - for snapshot {{ snapshotName }} on {{ cafeVirtualMachineName }}.</p></td></tr>
                                             <tr><td colspan="2" style="padding: 10px 0px 5px 0px; color: #1B75BA ; border-bottom: 2px solid #E5E5E5; font-size: 15px; font-weight: bold;">Snapshot details</td></tr>
                                             <tr><th style="text-align: left;">vRA tenant:</th><td>{{ tenant }} </td></tr>
                                             <tr><th style="text-align: left;">SovLabs vCenter endpoint:</th><td>{{ iaasVcenterEndpointName }} </td></tr>
                                             <tr><th style="text-align: left;">Virtual Machine:</th><td>{{ cafeVirtualMachineName }} </td></tr>
                                             <tr><th style="text-align: left;">Snapshot Name:</th><td>{{ snapshotName }}</td></tr>
                                             <tr><th style="text-align: left;">Snapshot Owner:</th><td>{{ ownerName }} ({{ VM_OWNER_EMAIL }})</td></tr>
                                             <tr><td colspan="2" style="padding: 30px 0px 5px 0px; color: #1B75BA ; border-bottom: 2px solid #E5E5E5; font-size: 15px; font-weight: bold;">{{ currentState }} Message</td></tr>
                                             <tr><th style="text-align: left;">Log:</th><td>{{ PROCESS_CONTENT }}</td></tr>
                                             <tr>
                                              <td colspan="2" style="padding: 50px 0px 10px 0px; font-size: 16px; font-weight: bold;">
                                          Regards,
                                          <p>SovLabs</p>
                                              </td>
                                             </tr>
                                             <tr>
                                              <td colspan="2" style="border-top: 1px solid #D5D5D5 ; font-size: 12px;">
                                               <p style="color: #808080;">*Please do not reply to this message.  All replies are routed to an unmonitored mailbox.</p>
                                              </td>
                                             </tr>
                                            </tbody>
                                          </table>
                                        
    When all required fields are filled in, click Submit
  3. On the Catalog page, click on the Request button for: Add Notification Group Configuration
    Add Notification Group Configuration
    Notification Group Configuration

    A Notification Group configuration holds multiple notification configurations

    Field | Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Type | Select the type of notification configurations to group
    Notifications | Select all notification configurations filtered by type for this notification group

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate Notification Group property group (starts with SovLabs-NotificationGroup-)

        Do not attach more than 1 Notification Group property group to a blueprint

    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Notification Group property group: (starts with SovLabs-NotificationGroup-)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Microsoft Active Directory

Microsoft Active Directory (AD) is a crucial requirement in most Windows server deployments. With the SovLabs Microsoft Active Directory module for vRealize Automation, organizations can flexibly drive Windows server registration with Microsoft Active Directory.

The SovLabs Microsoft Active Directory registration module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming and interchangeable DNS and IPAM modules.

Quick start process

  1. Define Microsoft endpoint(s)
  2. Define Active Directory configuration(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible Active Directory configurations that include one or more Microsoft endpoints
  • Handles simple to complex globally distributed multi-domain, multi-site MS AD environments
  • Registers/cleans computer account with Active Directory
  • Supports placement in a “build OU” during provisioning in order to facilitate software deployments/configurations that require a less restrictive Group Policy
  • Supports moving to a final OU post-provisioning
  • Supports dynamic creation and removal of OUs
  • Supports adding the computer account to existing Active Directory security groups
  • OU and Security Group designations are dynamic templated fields utilizing the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • Employs several methods to improve reliability of registration/cleanup to mitigate failures, such as retry logic and post validation checks
  • Microsoft endpoints can also be used with the SovLabs Microsoft IPAM and Microsoft DNS modules

Prerequisites

  1. Define your domain controller server(s) and whether or not proxy servers will be used
  2. Install AD Webservices on all the domain controllers that will be used
  3. Ensure NTP is set up correctly
  4. Login to the vRA tenant
    1. Add license for Microsoft Active Directory module
    2. Validate the following show up on the Catalog page:
      1. Add Microsoft Endpoint
      2. Add ActiveDirectory Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Microsoft Endpoint
    Add Microsoft Endpoint
    Microsoft Endpoint

    A Windows 2012 R2 member server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

    Field | Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique endpoint name

    Connection method | Select how the SovLabs modules will connect to the target or proxy Microsoft server
    Hostname

    If 'Is this a proxy host?' is set to Yes, this is the proxy server for the target AD server

    AD server (FQDN) or IP address
    Use non-standard port? | Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port
    Port

    *Only shown when 'Use non-standard port' is Yes

    Input the non-standard port for this endpoint
    Username | Username (UPN format) that has permissions to add/remove records to/from AD servers
    Password | User's password
    Is this a proxy host?

    Proxy hosts are limited to the SSH connection method only

    Choose whether or not to utilize a proxy host to make remote commands to the target AD server

    Remote Server hostname or IP address:

    *Only shown when 'Is this a proxy host' is Yes

    The target AD server
    Advanced Configuration
    Temporary directory where scripts will be placed | If not provided, will default to C:\Windows\temp
    Share path for temporary directory to access | Define if administrative shares are not available

    Type in path\share instead of \\share-server\path\share

  3. On the Catalog page, click on the Request button for: Add ActiveDirectory Configuration
    Add ActiveDirectory Configuration
    Active Directory Configuration

    A naming standard is a template that generates a specific hostname

    Field | Value
    General
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Microsoft Endpoint(s) | Select all the Microsoft Endpoint hosts configured for Active Directory
    Computer name case | Choose whether the computer name added in AD is all uppercase or all lowercase
    Build OU
    Use Build OU?

    If Yes, a VM during its machineBuilding vRA lifecycle will be placed in an interim OU (Build OU)

    Once the VM has finished building and provisioning, the VM will be placed in the [final] OU

    *The Build OU must already exist.

    Build OU

    ActiveDirectory Organizational Unit (OU) in DN format for VM to join prior to completing provisioning

    Create Build OU? | Select Yes to create the Build OU if it does not exist
    Remove OU? | Select Yes to remove the Build OU if it does not have any children and is empty
    OU
    OU

    ActiveDirectory Organizational Unit (OU) in DN format for VM to join

    Create OU? | Select Yes to create the OU if it does not exist
    Remove OU? | Select Yes to remove the OU if it does not have any children and is empty
    Security Group(s)
    AD Security Group(s)

    List all Security Group(s) for server to join

    *Can be a static value of either FQDNs or short names (if short names are unique)

    Advanced
    Delete computer accounts based on computer name? | Selecting Yes will attempt to find the computer account and remove it, regardless of what OU it is in

Usage

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate Microsoft Active Directory property group (starts with SovLabs-AD-)

        Do not attach more than 1 Microsoft Active Directory property group to a blueprint

    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Disable

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Microsoft Active Directory property group: (starts with SovLabs-AD-)
    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Example(s)

OU={{teamID | downcase }},OU={{ORGID | upcase}},OU={{LOCATION | substring: 0,2 | downcase}},DC=sovlabs,DC=net

Assuming the following properties (teamID, ORGID, LOCATION) are defined on the vRA Blueprint or inherited from the Business Group, Compute Resources, etc.

The resulting OU will be: OU=development,OU=E712,OU=atl,DC=sovlabs,DC=net

Assuming:

teamID = development
ORGID = e712
LOCATION = Atlanta
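
The OU template above, rendered in Python as an added example; this is not SovLabs code and not the SovLabs Template Engine. It implements only the three filters the example uses, assumes `substring: 0,2` has an inclusive end index (which the stated result implies), and rejects property values containing DN special characters so that a custom property cannot add or alter RDNs. All function names are hypothetical.

```python
import re

# Characters with structural meaning inside an LDAP distinguished name (RFC 4514).
DN_SPECIAL = set(',+"\\<>;=')
TAG = re.compile(r"\{\{(.*?)\}\}")


def _substring(value, start, end):
    # Assumption: the end index is inclusive. That is inferred from the page's
    # own result ("Atlanta" | substring: 0,2 -> "Atl"), not from vendor docs.
    return value[int(start):int(end) + 1]


# Only the filters used by the example on this page.
FILTERS = {
    "downcase": lambda v: v.lower(),
    "upcase": lambda v: v.upper(),
    "substring": _substring,
}


def check_rdn_value(name, value):
    """Reject a property value that would alter the structure of the DN."""
    if not value or value != value.strip():
        raise ValueError(f"{name}: empty or padded value {value!r}")
    if value.startswith("#") or DN_SPECIAL & set(value):
        raise ValueError(f"{name}: DN special character in {value!r}")
    if any(ord(ch) < 0x20 for ch in value):
        raise ValueError(f"{name}: control character in {value!r}")
    return value


def render_ou(template, props):
    """Expand {{ name | filter | filter: a,b }} tags and return the DN."""
    def expand(match):
        name, *filters = [part.strip() for part in match.group(1).split("|")]
        if name not in props:
            raise KeyError(f"property not defined: {name}")
        value = check_rdn_value(name, str(props[name]))
        for spec in filters:
            fname, _, argstr = spec.partition(":")
            func = FILTERS.get(fname.strip())
            if func is None:
                raise ValueError(f"unsupported filter: {fname.strip()}")
            args = [a.strip() for a in argstr.split(",")] if argstr.strip() else []
            value = func(value, *args)
        return value

    rendered = TAG.sub(expand, template)
    # Property values cannot contain "," (checked above), so every comma left
    # is an RDN separator; strip stray spaces around them.
    return ",".join(rdn.strip() for rdn in rendered.split(","))


# The template and property values from the example on this page.
TEMPLATE = ("OU={{teamID | downcase }},OU={{ORGID | upcase}},"
            "OU={{LOCATION | substring: 0,2 | downcase}},DC=sovlabs,DC=net")
PROPS = {"teamID": "development", "ORGID": "e712", "LOCATION": "Atlanta"}

if __name__ == "__main__":
    print(render_ou(TEMPLATE, PROPS))
    try:
        # Constructed value that tries to append an RDN of its own.
        render_ou(TEMPLATE, dict(PROPS, teamID="dev,OU=elsewhere"))
    except ValueError as err:
        print("rejected:", err)
```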

BlueCat DNS

DNS is both a fundamental and critical component of any cloud – private, hybrid, or public. Any DNS inaccuracies due to stale, duplicate or orphaned DNS records can stop a cloud in its tracks, preventing customers from getting VMs and services they’ve requested from the vRealize Automation service catalog.

With the SovLabs BlueCat DNS for vRealize Automation, organizations who utilize BlueCat for DNS hosting now have a fully automated method of controlling DNS records as the cloud environment dynamically scales, reducing the support burden and increasing the chances of successful ITaaS deployments from the vRealize service catalog.

The SovLabs BlueCat DNS module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable IPAM modules.

Quick start process

  1. Define BlueCat endpoint(s)
  2. Define DNS configuration(s)
  3. Provision!

Features

  • Create flexible DNS configurations that include one or more BlueCat endpoints
  • Supports one or more domains and networks in a single DNS configuration
  • Drives advanced BlueCat features such as Custom User Fields flexibly via the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • Employs several methods to improve DNS data integrity and mitigate issues from stale, duplicate or orphaned DNS records, such as retry logic, record availability and DNS propagation/post validation checks
  • DNS configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional DNS providers with other DNS modules from SovLabs
  • Allows for independent configurations for forward and reverse records, if desired
  • BlueCat endpoints can also be used with the SovLabs BlueCat IPAM module
  • SovLabs DNS configurations may also be used with SovLabs network load balancer modules
  • Optional feature to designate a default DNS configuration if the domain(s) or network(s) are not matched to any other DNS configuration(s)
  • Supports up to 10 network interfaces per machine

Prerequisites

  1. BlueCat user on (all) BlueCat(s) with API permissions:
    1. Through the BlueCat web portal, go to Administration > Users and Groups
    2. On the top-left of the Users pane, select New > User
    3. In the User creation wizard:
      • Type of user: Administrator
      • Access type: API
  2. Login to the vRA tenant
    1. Add license for BlueCat DNS module
    2. Validate the following show up on the Catalog page:
      1. Add BlueCat Endpoint
      2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add BlueCat Endpoint
    Add BlueCat Endpoint
    BlueCat Endpoint

    A BlueCat Endpoint is the BlueCat appliance where the DNS records are created/removed via the BlueCat API

    Field | Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Hostname | BlueCat FQDN
    HTTPS? | Choose whether or not BlueCat is on HTTPS
    Port | BlueCat's port number
    Configuration name | BlueCat's configuration name
    DNS view name | BlueCat's DNS view name
    Custom User Field configurations
    DNS record user defined field(s) | Add in any Custom User Fields (e.g. comments) used for BlueCat DNS

    Utilize the SovLabs Template Engine

    IP record user defined field(s) | Add in any Custom User Fields (e.g. comments) used for BlueCat IPAM

    Utilize the SovLabs Template Engine

    Credential Configuration
    Create credential?

    Select Yes to create a new credential

    Select No to choose from existing credentials

    Credential

    *Only shown when 'Create credential' is No

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Only shown when 'Create credential' is Yes

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique credential name

    Username

    *Only shown when 'Create credential' is Yes

    Username

    Password

    *Only shown when 'Create credential' is Yes

    User's password

  3. On the Catalog page, click on the Request button for: Add DNS Configuration
    Add DNS Configuration
    DNS Configuration

    A naming standard is a template that generates a specific hostname

    Field | Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Domains | Add in all domains for this DNS configuration to support
    Networks | Add in all the networks (x.x.x.x/CIDR) for this DNS configuration to support
    DNS server type | Select BlueCat
    DNS Hosts | Select all desired BlueCat endpoints
    Create A Records? | Select Yes to create A Records
    Create PTR Records? | Select Yes to create PTR Records
    Use as default server?

    Select Yes to have this DNS configuration be the default if domain or network is not matched in any other DNS configuration(s)

    Only recommended for simple DNS configurations

Usage

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
    4. Click OK
  3. Repeat Step 2 for all desired blueprints
  4. Click on the Infrastructure tab > Reservations > Reservations
  5. Hover over the reservation in association with the BlueCat DNS configured domain and click Edit
    1. Click on the Network tab
    2. Check the appropriate network path and select the appropriate Network Profile from the dropdown
    3. Click OK

The next provisioned VM will automatically attempt to register with BlueCat DNS only if the VM is in the configured domain and network defined for BlueCat DNS

Advanced

Register with additional DNS zones for the same NIC and hostname

  1. Verify a DNS configuration exists for the additional DNS zones
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_AdditionalDNSSuffixes for the Name field
      3. For the Value field:
        • Type in a list of additional DNS zones to register the host
        • Must be comma separated
        • Example: zone1.com,zone2.com
      4. Click on the button
    4. Click OK
  4. Repeat Step 2 for all desired blueprints

Disable

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_DisableDNS for the Name field
      3. Type in true for the Value field
      4. Click on the button
    4. Click OK
  3. Repeat Step 2 for all desired blueprints

BT Diamond IP: DNS

DNS is both a fundamental and critical component of any cloud – private, hybrid, or public. Any DNS inaccuracies due to stale, duplicate or orphaned DNS records can stop a cloud in its tracks, preventing customers from getting VMs and services they’ve requested from the vRealize Automation service catalog.

With the SovLabs BT Diamond DNS for vRealize Automation, organizations who utilize BT Diamond for DNS hosting now have a fully automated method of controlling DNS records as the cloud environment dynamically scales, reducing the support burden and increasing the chances of successful ITaaS deployments from the vRealize service catalog.

The SovLabs BT Diamond DNS module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable IPAM modules.

Quick start process

  1. Define BT Diamond endpoint(s)
  2. Define DNS configuration(s)
  3. Provision!

Features

  • Create flexible DNS configurations that include one or more BT Diamond endpoints
  • Supports one or more domains and networks in a single DNS configuration
  • Drives advanced BT Diamond features such as Custom User Defined Fields flexibly via the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • Employs several methods to improve DNS data integrity and mitigate issues from stale, duplicate or orphaned DNS records, such as retry logic, record availability and DNS propagation/post validation checks
  • DNS configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional DNS providers with other DNS modules from SovLabs
  • Allows for independent configurations for forward and reverse records, if desired
  • BT Diamond endpoints can also be used with the SovLabs BT Diamond IPAM module
  • SovLabs DNS configurations may also be used with SovLabs network load balancer modules
  • Optional feature to designate a default DNS configuration if the domain(s) or network(s) are not matched to any other DNS configuration(s)
  • Supports up to 10 network interfaces per machine

Prerequisites

  1. User with Administrator type Master and Role superuser
  2. Configure Negative Cache TTL on each DNS domain zone; otherwise machine provisioning will fail:
    1. Through the BlueCat web portal, go to Management > DNS > Domains
    2. Select the domain to edit
    3. Set the Negative Cache TTL field to 60
  3. BT Diamond's default SSL certificate has a weak hash algorithm that the vRO appliance rejects. Please contact SovLabs for further assistance if the native BT Diamond SSL certificate is being used.
  4. Login to the vRA tenant
    1. Add license for BT Diamond DNS module
    2. Validate the following show up on the Catalog page:
      1. Add BT Diamond Endpoint
      2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add BT Diamond Endpoint
    Add BT Diamond Endpoint
    BT Diamond Endpoint

    A BT Diamond Endpoint is the BT Diamond appliance where the DNS records are created/removed via the BT Diamond API

    Field | Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version | BT Diamond version
    IPControl Hostname | BT Diamond IPControl FQDN
    Port | BT Diamond's port number
    Credential Configuration
    Create credential?

    Select Yes to create a new credential

    Select No to choose from existing credentials

    Credential

    *Only shown when 'Create credential' is No

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Only shown when 'Create credential' is Yes

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique credential name

    Username

    *Only shown when 'Create credential' is Yes

    Username

    Password

    *Only shown when 'Create credential' is Yes

    User's password

    DNS Configuration
    DNS type | Select whether the DNS type is BIND or Microsoft
    DNS server | FQDN for DNS server
    Host record comments | Any comments desired on the host record created
    IPAM Configuration
    IP record user defined field(s) | Add in any custom user defined fields (e.g. comments) used for BT Diamond IPAM

    Utilize the SovLabs Template Engine

    Click Next
    Advanced Settings
    Advanced Settings
    • DisableDeviceResourceRecords: boolean

      Force the creation of domain records

    • DnsDeployPollingInterval: number

      Set the DNS Deployment status check polling interval in seconds

    • DnsDeployTimeout: number

      DNS Deployment check timeout. Stop polling after the specified amount of seconds. Timeout will not cancel the deployment job.

  3. On the Catalog page, click on the Request button for: Add DNS Configuration
    Add DNS Configuration
    DNS Configuration

    A naming standard is a template that generates a specific hostname

    Field | Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Domains | Add in all domains for this DNS configuration to support
    Networks | Add in all the networks (x.x.x.x/CIDR) for this DNS configuration to support
    DNS server type | Select BT Diamond
    DNS Hosts | Select all desired BT Diamond endpoints with the same DNS type (e.g. BIND or Microsoft)
    Create A Records? | Select Yes to create A Records
    Create PTR Records? | Select Yes to create PTR Records
    Create Host records? | Select Yes to create Host Records
    Use as default server?

    Select Yes to have this DNS configuration be the default if domain or network is not matched in any other DNS configuration(s)

    Only recommended for simple DNS configurations

Usage

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
    4. Click OK
  3. Repeat Step 2 for all desired blueprints
  4. Click on the Infrastructure tab > Reservations > Reservations
  5. Hover over the reservation in association with the BT Diamond DNS configured domain and click Edit
    1. Click on the Network tab
    2. Check the appropriate network path and select the appropriate Network Profile from the dropdown
    3. Click OK

The next provisioned VM will automatically attempt to register with BT Diamond DNS only if the VM is in the configured domain and network defined for BT Diamond DNS

Advanced

Register with additional DNS zones for the same NIC and hostname

  1. Verify a DNS configuration exists for the additional DNS zones
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_AdditionalDNSSuffixes for the Name field
      3. For the Value field:
        • Type in a list of additional DNS zones to register the host
        • Must be comma separated
        • Example: zone1.com,zone2.com
      4. Click on the button
    4. Click OK
  4. Repeat Step 2 for all desired blueprints

Disable

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_DisableDNS for the Name field
      3. Type in true for the Value field
      4. Click on the button
    4. Click OK
  3. Repeat Step 2 for all desired blueprints

Infoblox DNS

DNS is both a fundamental and critical component of any cloud – private, hybrid, or public. Any DNS inaccuracies due to stale, duplicate or orphaned DNS records can stop a cloud in its tracks, preventing customers from getting VMs and services they’ve requested from the vRealize Automation service catalog.

With the SovLabs Infoblox DNS for vRealize Automation, organizations who utilize Infoblox for DNS hosting now have a fully automated method of controlling DNS records as the cloud environment dynamically scales, reducing the support burden and increasing the chances of successful ITaaS deployments from the vRealize service catalog.

The SovLabs Infoblox DNS module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable IPAM modules.

Quick start process

  1. Define Infoblox endpoint(s)
  2. Define DNS configuration(s)
  3. Provision!

Features

  • Create flexible DNS configurations that include one or more Infoblox endpoints
  • Supports one or more domains and networks in a single DNS configuration
  • Drives advanced Infoblox features such as Extensible Attributes and DNS Views flexibly via the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • Employs several methods to improve DNS data integrity and mitigate issues from stale, duplicate or orphaned DNS records, such as retry logic, record availability and DNS propagation/post validation checks
  • DNS configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional DNS providers with other DNS modules from SovLabs
  • Allows for independent configurations for forward and reverse records, if desired
  • Infoblox endpoints can also be used with the SovLabs Infoblox IPAM module
  • SovLabs DNS configurations may also be used with SovLabs network load balancer modules
  • Optional feature to designate a default DNS configuration if the domain(s) or network(s) are not matched to any other DNS configuration(s)
  • Supports up to 10 network interfaces per machine

Prerequisites

  1. Infoblox user on (all) Infoblox appliance(s) with the following permissions:
    • API and GUI access configured
    • Add/remove Host Records, A Records and/or PTR Records
  2. Infoblox WAPI version must be 1.2+

    Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner

  3. Login to the vRA tenant
    1. Add license for Infoblox DNS module
    2. Validate the following show up on the Catalog page:
      1. Add Infoblox Host
      2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Infoblox Endpoint
    Add Infoblox Endpoint
    Infoblox Endpoint

    An Infoblox endpoint is the Infoblox appliance where the DNS records are created/removed via the Infoblox API

    Field | Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Infoblox Hostname | Infoblox appliance's FQDN or IP address
    HTTPS | Select whether or not the Infoblox appliance is HTTPS
    Port

    Normally 443 for HTTPS and 80 for HTTP

    Infoblox appliance port
    Username | Infoblox user that has API access and permissions to add/remove records to/from Infoblox
    Password | User's password
    WAPI Version

    Select 1.2 if WAPI version is less than 2.0

    Select 2.0 if WAPI version is 2.0 or greater

    DNS view | *Optional - What is the DNS view this endpoint supports?
    Network view | *Optional - What is the Network view this endpoint supports?
    Advanced Options

    *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for each of the record types

    Providing an invalid template will cause the API call to fail and the Infoblox endpoint will not be registered

  3. On the Catalog page, click on the Request button for: Add DNS Configuration
    Add DNS Configuration
    DNS Configuration

    A naming standard is a template that generates a specific hostname

    Field | Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Domains | Add in all domains for this DNS configuration to support
    Networks | Add in all the networks (x.x.x.x/CIDR) for this DNS configuration to support
    DNS server type | Select Infoblox
    DNS Hosts | Select all desired Infoblox hosts
    Create A Records? | Select Yes to create A Records
    Create PTR Records? | Select Yes to create PTR Records
    Create Host records? | Select Yes to create Host Records
    Use as default server?

    Select Yes to have this DNS configuration be the default if domain or network is not matched in any other DNS configuration(s)

    Only recommended for simple DNS configurations

Usage

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
    4. Click OK
  3. Repeat Step 2 for all desired blueprints
  4. Click on the Infrastructure tab > Reservations > Reservations
  5. Hover over the reservation in association with the Infoblox DNS configured domain and click Edit
    1. Click on the Network tab
    2. Check the appropriate network path and select the appropriate Network Profile from the dropdown
    3. Click OK

The next provisioned VM will automatically attempt to register with Infoblox DNS only if the VM is in the configured domain and network defined for Infoblox DNS

Advanced

Register with additional DNS zones for the same NIC and hostname

  1. Verify a DNS configuration exists for the additional DNS zones
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_AdditionalDNSSuffixes for the Name field
      3. For the Value field:
        • Type in a list of additional DNS zones to register the host
        • Must be comma separated
        • Example: zone1.com,zone2.com
      4. Click on the button
    4. Click OK
  4. Repeat Step 2 for all desired blueprints

Disable

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_DisableDNS for the Name field
      3. Type in true for the Value field
      4. Click on the button
    4. Click OK
  3. Repeat Step 2 for all desired blueprints
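
A pre-flight check for the DNS configuration rules described in the BlueCat, BT Diamond and Infoblox sections above, as an added Python example that is not SovLabs code. It applies the stated rule (a VM registers only when both its domain and its network match a configuration, else the default configuration is used) and reads SovLabs_AdditionalDNSSuffixes and SovLabs_DisableDNS as documented. Assumptions: each additional zone is matched by the same rule, several matching configurations are reported as ambiguous because the page does not say how they are resolved, and the configuration labels, domains and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsConfig:
    label: str
    domains: tuple
    networks: tuple           # CIDR strings, e.g. "10.10.0.0/16"
    default: bool = False     # the "Use as default server?" field


def covers(cfg, zone, ip):
    """True when both the zone and the address fall inside the configuration."""
    addr = ipaddress.ip_address(ip)
    in_domain = zone.lower() in {d.lower() for d in cfg.domains}
    in_network = any(addr in ipaddress.ip_network(n, strict=False)
                     for n in cfg.networks)
    return in_domain and in_network


def zones_for(domain, props):
    """Primary domain plus the comma-separated SovLabs_AdditionalDNSSuffixes."""
    extra = props.get("SovLabs_AdditionalDNSSuffixes", "")
    zones = []
    for zone in [domain] + extra.split(","):
        zone = zone.strip().lower()
        if zone and zone not in zones:
            zones.append(zone)
    return zones


def plan(configs, hostname, domain, ip, props):
    """Return (fqdn, status, config label) for every zone the VM would use."""
    if props.get("SovLabs_DisableDNS", "").strip().lower() == "true":
        return []                      # registration switched off on the blueprint
    defaults = [c.label for c in configs if c.default]
    rows = []
    for zone in zones_for(domain, props):
        fqdn = f"{hostname}.{zone}"
        hits = [c.label for c in configs if covers(c, zone, ip)]
        if len(hits) > 1:
            rows.append((fqdn, "AMBIGUOUS", "+".join(hits)))
        elif hits:
            rows.append((fqdn, "MATCH", hits[0]))
        elif defaults:
            # Nothing matched: the record lands in the default configuration.
            rows.append((fqdn, "DEFAULT", defaults[0]))
        else:
            rows.append((fqdn, "UNMATCHED", None))
    return rows


# Constructed sample configurations (not taken from the page).
CONFIGS = (
    DnsConfig("prod-dns", ("corp.example",), ("10.10.0.0/16",)),
    DnsConfig("lab-dns", ("lab.example",), ("10.20.0.0/24",)),
    DnsConfig("fallback-dns", ("misc.example",), ("192.0.2.0/24",), default=True),
)

if __name__ == "__main__":
    props = {"SovLabs_AdditionalDNSSuffixes": "lab.example, zone2.example"}
    for row in plan(CONFIGS, "web01", "corp.example", "10.10.4.7", props):
        print(row)
```

Rows with status DEFAULT or AMBIGUOUS are the ones to review before provisioning, since they are where stale or duplicate records are most likely to originate.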

Microsoft DNS

DNS is both a fundamental and critical component of any cloud – private, hybrid, or public. Any DNS inaccuracies due to stale, duplicate or orphaned DNS records can stop a cloud in its tracks, preventing customers from getting VMs and services they’ve requested from the vRealize Automation service catalog.

With the SovLabs Microsoft DNS module for vRealize Automation, organizations who utilize Microsoft for DNS hosting now have a fully automated method of controlling DNS records as the cloud environment dynamically scales, reducing the support burden and increasing the chances of successful ITaaS deployments from the vRealize service catalog.

The SovLabs Microsoft DNS module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Microsoft Active Directory and interchangeable IPAM modules.

Quick start process

  1. Define Microsoft endpoint(s)
  2. Define DNS configuration(s)
  3. Provision!

Features

  • Create flexible DNS configurations that include one or more Microsoft endpoints
  • Handles simple to complex globally distributed multi-zone, multi-site MS DNS environments
  • Supports one or more domains and networks in a single DNS configuration
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • Employs several methods to improve DNS data integrity and mitigate issues from stale, duplicate or orphaned DNS records, such as retry logic, record availability and DNS propagation/post validation checks
  • DNS configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional DNS providers with other DNS modules from SovLabs
  • Allows for independent configurations for forward and reverse records, if desired
  • Microsoft endpoints can also be used with the SovLabs Microsoft IPAM and Active Directory modules
  • SovLabs DNS configurations may also be used with SovLabs network load balancer modules
  • Optional feature to designate a default DNS configuration if the domain(s) or network(s) are not matched to any other DNS configuration(s)
  • Supports up to 10 network interfaces per machine

Prerequisites

  1. Define your domain controller server(s) and whether or not proxy servers will be used
  2. Install AD Webservices on all the domain controllers that will be used
  3. Ensure NTP is set up correctly
  4. Login to the vRA tenant
    1. Add license for Microsoft DNS module
    2. Validate the following show up on the Catalog page:
      1. Add Microsoft Endpoint
      2. Add DNS Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Microsoft Endpoint
    Add Microsoft Endpoint
    Microsoft Endpoint

    A Windows 2012 R2 member server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

    Field | Value
    Configuration label | Unique endpoint name
      *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Connection method | Select how the SovLabs modules will connect to the target or proxy Microsoft DNS server
    Hostname or IP address | DNS server (FQDN) or IP address
      If 'Is this a proxy host' is set to Yes, this is the proxy server for the target DNS server
    Use non-standard port? | Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port
    Port | Input the non-standard port for this endpoint
      *Only shown when 'Use non-standard port' is Yes
    Username | Username (UPN format) that has permissions to add/remove records to/from DNS server
    Password | User's password
    Is this a proxy host? | Choose whether or not to utilize a proxy host to make remote commands to the target DNS server
      Proxy hosts are limited to the SSH connection method only
    Remote Server hostname or IP address | The target DNS server
      *Only shown when 'Is this a proxy host' is Yes
    Advanced Configuration
    Temporary directory where scripts will be placed | If not provided, will default to C:\Windows\temp
    Share path for temporary directory to access | Define if administrative shares are not available
      Type in path\share instead of \\share-server\path\share

  3. On the Catalog page, click on the Request button for: Add DNS Configuration
    Add DNS Configuration
    DNS Configuration

    A naming standard is a template that generates a specific hostname

    Field | Value
    Configuration label | Unique label
      *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Domains | Add in all domains for this DNS configuration to support
    Networks | Add in all the networks (X.x.x.x/CIDR) for this DNS configuration to support
    DNS server type | Select MS DNS
    DNS Hosts | Select all desired Microsoft endpoints
    Create A Records? | Select Yes to create A Records
    Create PTR Records? | Select Yes to create PTR Records
    Use as default server? | Select Yes to have this DNS configuration be the default if domain or network is not matched in any other DNS configuration(s)
      Only recommended for simple DNS configurations

Usage

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
    4. Click OK
  3. Repeat Step 2 for all desired blueprints
  4. Click on the Infrastructure tab > Reservations > Reservations
  5. Hover over the reservation in association with the Microsoft DNS configured domain and click Edit
    1. Click on the Network tab
    2. Check the appropriate network path and select the appropriate Network Profile from the dropdown
    3. Click OK

The next provisioned VM will automatically attempt to register with Microsoft DNS only if the VM is in the configured domain and network defined for Microsoft DNS

Advanced

Register with additional DNS zones for the same NIC and hostname

  1. Verify a DNS configuration exists for the additional DNS zones
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_AdditionalDNSSuffixes for the Name field
      3. For the Value field:
        • Type in a list of additional DNS zones to register the host
        • Must be comma separated
        • Example: zone1.com,zone2.com
      4. Click on the button
    4. Click OK
  4. Repeat Step 2 for all desired blueprints
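The matching rule and the additional-zones step above, modelled as an added example (not SovLabs code) for auditing which DNS configuration a VM would fall into before provisioning. `DnsConfig`, both function names, the sample configurations and the first-match and "ambiguous" handling are assumptions; only the domain-and-network match, the default fallback and the comma-separated `SovLabs_AdditionalDNSSuffixes` format come from this page.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class DnsConfig:
    """Hypothetical stand-in for one 'Add DNS Configuration' request."""
    label: str
    domains: list
    networks: list          # CIDR strings, as typed into the Networks field
    default: bool = False   # "Use as default server?"


def _norm(domain):
    return domain.strip().lower().rstrip(".")


def resolve_dns_config(configs, domain, ip):
    """Return (label, reason); reason is 'matched', 'ambiguous', 'default' or 'none'."""
    addr = ipaddress.ip_address(ip)
    hits = [
        c for c in configs
        # Assumption taken from the page's wording: domain AND network must both match.
        if _norm(domain) in map(_norm, c.domains)
        and any(addr in ipaddress.ip_network(n) for n in c.networks)
    ]
    if len(hits) == 1:
        return hits[0].label, "matched"
    if hits:
        # More than one configuration claims this VM: worth fixing before provisioning.
        return hits[0].label, "ambiguous"
    fallback = [c for c in configs if c.default]
    if fallback:
        # Nothing matched, so the default configuration picks the VM up.
        return fallback[0].label, "default"
    return None, "none"


def zones_without_config(additional_suffixes, configs):
    """Zones in a SovLabs_AdditionalDNSSuffixes value that no DNS configuration lists."""
    known = {_norm(d) for c in configs for d in c.domains}
    zones = [_norm(z) for z in additional_suffixes.split(",") if z.strip()]
    return [z for z in zones if z not in known]


# Constructed sample configurations (not taken from any real environment).
CONFIGS = [
    DnsConfig("corp-dns", ["corp.example.com"], ["10.0.0.0/24", "10.0.1.0/24"]),
    DnsConfig("lab-dns", ["lab.example.com", "zone1.com"], ["10.20.0.0/16"], default=True),
]

if __name__ == "__main__":
    # A corp host on an unlisted network silently lands in the default configuration.
    print(resolve_dns_config(CONFIGS, "corp.example.com", "172.16.0.9"))
    print(zones_without_config("zone1.com,zone2.com", CONFIGS))
```

A "default" result for a host that was expected to match a specific configuration is the case the "Only recommended for simple DNS configurations" note guards against.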

Disable

  1. Click on the Design tab > Blueprints
  2. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Custom Properties section:
      1. Click on the New Property button
      2. Type in SovLabs_DisableDNS for the Name field
      3. Type in true for the Value field
      4. Click on the button
    4. Click OK
  3. Repeat Step 2 for all desired blueprints

BlueCat IPAM

IP Address Management (IPAM) is a means of planning, tracking, and managing the IP address space used in a network. Many organizations choose enterprise IPAM solutions in order to give them centralized visibility and control of their entire IP space.

With the SovLabs BlueCat IPAM module for vRealize Automation, organizations who utilize BlueCat for centralized IP address management now have a fully automated method of obtaining and releasing IP addresses as the cloud environment dynamically scales. IP subnets can now easily be shared between vRA deployments and alongside existing tools and devices without fear of IP conflict.

The SovLabs BlueCat IPAM module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable DNS modules.

Quick start process

  1. Define BlueCat endpoint(s)
  2. Define IPAM profile(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible IPAM profiles that include one or more BlueCat endpoints
  • Drives advanced BlueCat features such as Custom User Fields flexibly via the SovLabs Template Engine
  • Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
  • IPAM profiles include basic IP information such as DNS and WINS configurations
  • IPAM profiles can be pinned to specific NIC numbers
  • IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
  • IPAM profiles allow for a list of excluded IP addresses
  • IPAM profile fields can be dynamic, utilizing the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
  • BlueCat endpoints can also be used with the SovLabs BlueCat DNS module
  • SovLabs IPAM configurations may also be used with SovLabs network load balancer modules

Prerequisites

  1. BlueCat user on (all) BlueCat(s) with API permissions:
    1. Through the BlueCat web portal, go to Administration > Users and Groups
    2. On the top-left of the Users pane, select New > User
    3. In the User creation wizard:
      • Type of user: Administrator
      • Access type: API
  2. Login to the vRA tenant
    1. Add license for BlueCat DNS module
    2. Validate the following show up on the Catalog page:
      1. Add BlueCat Endpoint
      2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add BlueCat Endpoint
    Add BlueCat Endpoint
    BlueCat Endpoint

    A BlueCat Endpoint is the BlueCat appliance where the DNS records are created/removed via the BlueCat API

    Field | Value
    Configuration label | Unique label
      *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Hostname | BlueCat FQDN
    HTTPS? | Choose whether or not BlueCat is on HTTPS
    Port | BlueCat's port number
    Configuration name | BlueCat's configuration name
    DNS view name | BlueCat's DNS view name
    Custom User Field configurations
    Host record user defined field(s) | Add in any custom user fields (e.g. comments) used for BlueCat DNS
      Utilize the SovLabs Template Engine
    IP record user defined fields | Add in any custom user fields (e.g. comments) used for BlueCat IPAM
      Utilize the SovLabs Template Engine
    Credential Configuration
    Create credential? | Select Yes to create a new credential. Select No to choose from existing credentials
    Credential | Select the appropriate credential from an existing list of credentials
      *Only shown when 'Create credential' is No
    Credential configuration label | Unique credential name
      *Only shown when 'Create credential' is Yes
      *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Username | Username
      *Only shown when 'Create credential' is Yes
    Password | User's password
      *Only shown when 'Create credential' is Yes

  3. On the Catalog page, click on the Request button for: Add IPAM Profile
    Add IPAM Profile
    IPAM Profile

    An IPAM profile defines necessary IPAM information

    Field | Value
    Configuration label | Unique label name
      *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Description | *Optional - Description of IPAM profile
    IPAM type | Select Bluecat
    Provider host | Select the desired BlueCat endpoint
      Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added a BlueCat Endpoint
    Subnets, Gateways and Network names |
      Subnet: X.x.x.x/CIDR
      Gateway: X.x.x.x
      Network Name: Corresponds to the VMware port group name
      Utilize the SovLabs Template Engine
      1. Type in a subnet and its gateway and network name (all comma separated) into the input field (e.g. 10.0.0.0/24, 10.0.0.1, networkName)
      2. Click the green to add the entry into the array
      3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered
    Excluded IPs | Enter all IPs to be excluded (e.g. 10.0.0.1)
    NIC number | Enter in a NIC number (0-9) for this IPAM profile
    Primary DNS | Input the Primary DNS
    Secondary DNS | Input the Secondary DNS
    DNS suffix | Input the DNS suffix
    DNS search suffix | Input the DNS search suffix(es) (comma separated)
    Primary WINS | Input the Primary WINS
    Secondary WINS | Input the Secondary WINS

Usage

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Reservations > Network Profiles
  3. Hover over the network profile that best matches the network for this IPAM and click Edit
    1. On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
    2. Click OK
  4. Click on the Reservation menu item from Infrastructure tab > Reservations
  5. Hover over the reservation in association with the network profile from Step 3 and click Edit
    1. Click on the Network tab
    2. Uncheck all network paths
    3. Clear all the Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
    4. Click OK
  6. Click on the Design tab > Blueprints
  7. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#)

        Do not attach more than 1 IPAM property group to a blueprint

    4. Click OK
  8. Repeat Step 7 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the IPAM property group: (starts with SovLabs-IPAM- and ends with -nic#)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

BT Diamond IP: IPAM

IP Address Management (IPAM) is a means of planning, tracking, and managing the IP address space used in a network. Many organizations choose enterprise IPAM solutions in order to give them centralized visibility and control of their entire IP space.

With the SovLabs BT Diamond IPAM module for vRealize Automation, organizations who utilize BT Diamond for centralized IP address management now have a fully automated method of obtaining and releasing IP addresses as the cloud environment dynamically scales. IP subnets can now easily be shared between vRA deployments and alongside existing tools and devices without fear of IP conflict.

The SovLabs BT Diamond IPAM module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable DNS modules.

Quick start process

  1. Define BT Diamond endpoint(s)
  2. Define IPAM profile(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible IPAM profiles that include one or more BT Diamond endpoints
  • Drives advanced BT Diamond features such as custom User Defined Fields flexibly via the SovLabs Template Engine
  • Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
  • IPAM profiles include basic IP information such as DNS and WINS configurations
  • IPAM profiles can be pinned to specific NIC numbers
  • IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
  • IPAM profiles allow for a list of excluded IP addresses
  • IPAM profile fields can be dynamic, utilizing the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
  • BT Diamond endpoints can also be used with the SovLabs BT Diamond DNS module
  • SovLabs IPAM configurations may also be used with SovLabs network load balancer modules

Prerequisites

  1. User with Administrator type Master and Role superuser
  2. Configure Negative Cache TTL on each DNS domain zone; otherwise, machine provisioning will fail:
    1. Through the BlueCat web portal, go to Management > DNS > Domains
    2. Select the domain to edit
    3. Set the Negative Cache TTL field to 60
  3. BT Diamond's default SSL certificate has a weak hash algorithm that the vRO appliance rejects. Please contact SovLabs for further assistance if the native BT Diamond SSL certificate is being used.
  4. Login to the vRA tenant
    1. Add license for BT Diamond DNS module
    2. Validate the following show up on the Catalog page:
      1. Add BT Diamond Endpoint
      2. Add IPAM Profile
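One way to see which hash algorithm signs the appliance certificate before pointing vRO at it, written as an added example rather than SovLabs or BT Diamond code. The page does not name the weak algorithm, so treating MD5 and SHA-1 as weak is an assumption; the function names are hypothetical and the sample input is a constructed DER skeleton, not a real certificate.

```python
# Signature-algorithm OIDs mapped to the hash they use.
SIG_HASH = {
    "1.2.840.113549.1.1.4": "md5",       # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",      # sha1WithRSAEncryption
    "1.2.840.10040.4.3": "sha1",         # dsa-with-sha1
    "1.2.840.10045.4.1": "sha1",         # ecdsa-with-SHA1
    "1.2.840.113549.1.1.11": "sha256",   # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "sha384",   # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "sha512",   # sha512WithRSAEncryption
    "1.2.840.10045.4.3.2": "sha256",     # ecdsa-with-SHA256
    "1.2.840.10045.4.3.3": "sha384",     # ecdsa-with-SHA384
    "1.2.840.10045.4.3.4": "sha512",     # ecdsa-with-SHA512
}
WEAK_HASHES = {"md5", "sha1"}  # assumption: the page does not say which hash is rejected


def read_tlv(data, pos):
    """Return (tag, content, next_pos) for the DER element that starts at pos."""
    if pos + 2 > len(data):
        raise ValueError("truncated DER element")
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(data[pos:pos + count], "big")
        pos += count
    if pos + length > len(data):
        raise ValueError("truncated DER element")
    return tag, data[pos:pos + length], pos + length


def decode_oid(content):
    """Decode DER OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs, value = [], 0
    for byte in content:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one encoded value
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])


def signature_hash(der_cert):
    """Return the hash named by the certificate's signatureAlgorithm field."""
    tag, cert, _ = read_tlv(der_cert, 0)    # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, _, pos = read_tlv(cert, 0)           # skip tbsCertificate
    _, algorithm, _ = read_tlv(cert, pos)   # signatureAlgorithm ::= SEQUENCE
    tag, oid, _ = read_tlv(algorithm, 0)    # algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    dotted = decode_oid(oid)
    return SIG_HASH.get(dotted, "unknown (" + dotted + ")")


def has_weak_signature_hash(der_cert):
    return signature_hash(der_cert) in WEAK_HASHES


def _der(tag, content):
    """Encode one DER element (used only to build the constructed samples)."""
    size = len(content)
    if size < 0x80:
        length = bytes([size])
    else:
        raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def sample_certificate(sig_oid):
    """Constructed skeleton with the X.509 outer layout; not a real certificate."""
    tbs = _der(0x30, b"\x02\x01\x01" * 50)                 # placeholder tbsCertificate
    algorithm = _der(0x30, _der(0x06, sig_oid) + b"\x05\x00")
    signature = _der(0x03, b"\x00" + b"\xaa" * 16)
    return _der(0x30, tbs + algorithm + signature)


SHA1_WITH_RSA = bytes.fromhex("2a864886f70d010105")
SHA256_WITH_RSA = bytes.fromhex("2a864886f70d01010b")

if __name__ == "__main__":
    for name, oid in (("sha1 sample", SHA1_WITH_RSA), ("sha256 sample", SHA256_WITH_RSA)):
        cert = sample_certificate(oid)
        print(name, signature_hash(cert), "weak" if has_weak_signature_hash(cert) else "ok")
```

For a live appliance, the DER input can be obtained with the standard library as `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))`.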

Setup

  1. On the Catalog page, click on the Request button for: Add BT Diamond Endpoint
    Add BT Diamond Endpoint
    BT Diamond Endpoint

    A BT Diamond Endpoint is the BT Diamond appliance where the IP records are created/removed via the BT Diamond API

    Field | Value
    Configuration label | Unique label
      *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Version | BT Diamond version
    IPControl Hostname | BT Diamond IPControl FQDN
    Port | BT Diamond's port number
    Credential Configuration
    Create credential? | Select Yes to create a new credential. Select No to choose from existing credentials
    Credential | Select the appropriate credential from an existing list of credentials
      *Only shown when 'Create credential' is No
    Credential configuration label | Unique credential name
      *Only shown when 'Create credential' is Yes
      *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Username | Username
      *Only shown when 'Create credential' is Yes
    Password | User's password
      *Only shown when 'Create credential' is Yes
    DNS Configuration
    DNS type | Select whether the DNS type is BIND or Microsoft
    DNS server | FQDN for DNS server
    Host record comments | Any comments desired on the host record created
    IPAM Configuration
    IP record user defined field(s) | Add in any custom user defined fields (e.g. comments) used for BT Diamond IPAM
      Utilize the SovLabs Template Engine

    Click Next

    Advanced Settings
    • DisableDeviceResourceRecords: boolean
      Force the creation of domain records
    • DnsDeployPollingInterval: number
      Set the DNS Deployment status check polling interval in seconds
    • DnsDeployTimeout: number
      DNS Deployment check timeout. Stop polling after the specified amount of seconds. Timeout will not cancel the deployment job.

  2. On the Catalog page, click on the Request button for: Add IPAM Profile
    Add IPAM Profile
    IPAM Profile

    An IPAM profile defines necessary IPAM information

    Field | Value
    Configuration label | Unique label name
      *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Description | *Optional - Description of IPAM profile
    IPAM type | Select BT Diamond
    Provider host | Select the desired BT Diamond endpoint
      Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added a BT Diamond Endpoint
    Subnets, Gateways and Network names |
      Subnet: X.x.x.x/CIDR
      Gateway: X.x.x.x
      Network Name: Corresponds to the VMware port group name
      Utilize the SovLabs Template Engine
      1. Type in a subnet and its gateway and network name (all comma separated) into the input field (e.g. 10.0.0.0/24, 10.0.0.1, networkName)
      2. Click the green to add the entry into the array
      3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered
    Excluded IPs | Currently does not support Excluded IPs. This field is hidden
    NIC number | Enter in a NIC number (0-9) for this IPAM profile
    Primary DNS | Input the Primary DNS
    Secondary DNS | Input the Secondary DNS
    DNS suffix | Input the DNS suffix
    DNS search suffix | Input the DNS search suffix(es) (comma separated)
    Primary WINS | Input the Primary WINS
    Secondary WINS | Input the Secondary WINS

Usage

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Reservations > Network Profiles
  3. Hover over the network profile that best matches the network for this IPAM and click Edit
    1. On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
    2. Click OK
  4. Click on the Reservation menu item from Infrastructure tab > Reservations
  5. Hover over the reservation in association with the network profile from Step 3 and click Edit
    1. Click on the Network tab
    2. Uncheck all network paths
    3. Clear all the Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
    4. Click OK
  6. Click on the Design tab > Blueprints
  7. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#)

        Do not attach more than 1 IPAM property group to a blueprint

    4. Click OK
  8. Repeat Step 7 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the IPAM property group: (starts with SovLabs-IPAM- and ends with -nic#)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Infoblox IPAM

IP Address Management (IPAM) is a means of planning, tracking, and managing the IP address space used in a network. Many organizations choose enterprise IPAM solutions in order to give them centralized visibility and control of their entire IP space.

With the SovLabs Infoblox IPAM module for vRealize Automation, organizations who utilize Infoblox for centralized IP address management now have a fully automated method of obtaining and releasing IP addresses as the cloud environment dynamically scales. IP subnets can now easily be shared between vRA deployments and alongside existing tools and devices without fear of IP conflict.

The SovLabs Infoblox IPAM module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable DNS modules.

Quick start process

  1. Define Infoblox endpoint(s)
  2. Define IPAM profile(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible IPAM profiles that include one or more Infoblox endpoints
  • Drives advanced Infoblox features such as Extensible Attributes and DNS Views flexibly via the SovLabs Template Engine
  • Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
  • IPAM profiles include basic IP information such as DNS and WINS configurations
  • IPAM profiles can be pinned to specific NIC numbers
  • IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
  • IPAM profiles allow for a list of excluded IP addresses
  • IPAM profile fields can be dynamic, utilizing the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
  • Infoblox endpoints can also be used with the SovLabs Infoblox DNS module
  • SovLabs IPAM configurations may also be used with SovLabs network load balancer modules

Prerequisites

  1. Infoblox user on (all) Infoblox appliance(s) with the following permissions:
    • API and GUI access configured
    • Add/remove Host Records, A Records and/or PTR Records
  2. Infoblox WAPI version must be 1.2+

    Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner

  3. Login to the vRA tenant
    1. Add license for Infoblox IPAM module
    2. Validate the following show up on the Catalog page:
      1. Add Infoblox Endpoint
      2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Infoblox Endpoint
    Add Infoblox Endpoint
    Infoblox Endpoint

    An Infoblox endpoint is the Infoblox appliance where the DNS records are created/removed via the Infoblox API

    Field | Value
    Configuration label | Unique label
      *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Infoblox Hostname | Infoblox appliance's FQDN or IP address
    HTTPS | Select whether or not the Infoblox appliance is HTTPS
    Port | Infoblox appliance port
      Normally 443 for HTTPS and 80 for HTTP
    Username | Infoblox user that has API access and permissions to add/remove records to/from Infoblox
    Password | User's password
    WAPI Version | Select 1.2 if WAPI version is less than 2.0. Select 2.0 if WAPI version is 2.0 or greater
    DNS view | *Optional - What is the DNS view this endpoint supports?
    Network view | *Optional - What is the Network view this endpoint supports?
    Advanced Options | *Optional - enables additional configuration by adding additional fields (e.g. comments) into the JSON payload for each of the record types
      Providing an invalid template will cause the API call to fail and the Infoblox host will not be registered

  3. On the Catalog page, click on the Request button for: Add IPAM Profile
    Add IPAM Profile
    IPAM Profile

    An IPAM profile defines necessary IPAM information

    Field | Value
    Configuration label | Unique label name
      *Only AlphaNumeric characters, no spaces or special characters except: - and _
    Description | *Optional - Description of IPAM profile
    IPAM type | Select Infoblox
    Provider host | Select the desired Infoblox Endpoint
      Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added an Infoblox Endpoint
    Subnets, Gateways and Network names |
      Subnet: x.x.x.x/CIDR
      Gateway: x.x.x.x
      Network Name: Corresponds to the VMware port group name
      Utilize the SovLabs Template Engine
      1. Type in a subnet and its gateway and network name (all comma separated) into the input field (e.g. 10.0.0.0/24, 10.0.0.1, networkName)
      2. Click the green to add the entry into the array
      3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered
    Excluded IPs | Enter all IPs to be excluded (e.g. 10.0.0.1)
    NIC number | Enter in a NIC number (0-9) for this IPAM profile
    Primary DNS | Input the Primary DNS
    Secondary DNS | Input the Secondary DNS
    DNS suffix | Input the DNS suffix
    DNS search suffix | Input the DNS search suffix(es) (comma separated)
    Primary WINS | Input the Primary WINS
    Secondary WINS | Input the Secondary WINS
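A pre-flight check for the IPAM profile fields described in the BlueCat, BT Diamond and Infoblox sections above, written as an added example (not SovLabs code). It parses the `subnet, gateway, networkName` entries and applies the label, NIC number and Excluded IPs rules from the table; the function names and the gateway, overlap and excluded-IP consistency checks are assumptions about what is worth verifying before submitting the form, not documented plugin behaviour.

```python
import ipaddress
import re

# "Only AlphaNumeric characters, no spaces or special characters except: - and _"
LABEL_RE = re.compile(r"[A-Za-z0-9_-]+")


def parse_subnet_entry(entry):
    """Split 'subnet, gateway, networkName' into (network, gateway, name)."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"{entry!r}: expected 'subnet, gateway, networkName'")
    try:
        # strict=True rejects a subnet typed with host bits set, e.g. 10.0.0.5/24
        network = ipaddress.ip_network(parts[0], strict=True)
        gateway = ipaddress.ip_address(parts[1])
    except ValueError as exc:
        raise ValueError(f"{entry!r}: {exc}") from None
    return network, gateway, parts[2]


def validate_ipam_profile(label, subnet_entries, excluded_ips=(), nic_number=0):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not LABEL_RE.fullmatch(label):
        problems.append(f"label {label!r}: only letters, digits, - and _ are allowed")
    if nic_number not in range(10):
        problems.append(f"NIC number {nic_number!r} is outside 0-9")

    networks = []
    for entry in subnet_entries:
        try:
            network, gateway, _name = parse_subnet_entry(entry)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if gateway not in network:
            problems.append(f"gateway {gateway} is outside {network}")
        elif network.num_addresses > 2 and gateway in (
            network.network_address, network.broadcast_address
        ):
            problems.append(f"gateway {gateway} is the network or broadcast address of {network}")
        for other in networks:
            # Two entries covering the same addresses could hand out the same IP twice.
            if network.overlaps(other):
                problems.append(f"{network} overlaps {other} in the same profile")
        networks.append(network)

    for raw in excluded_ips:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            problems.append(f"excluded IP {raw!r} is not a valid address")
            continue
        # An exclusion outside every subnet protects nothing and is usually a typo.
        if not any(ip in net for net in networks):
            problems.append(f"excluded IP {ip} is not inside any subnet of this profile")
    return problems


if __name__ == "__main__":
    # Constructed sample values, using the entry format shown in the table.
    for line in validate_ipam_profile(
        "prod net",
        ["10.0.0.0/24, 10.0.1.1, A", "10.0.0.128/25, 10.0.0.129, B", "10.0.0.5/24, 10.0.0.1, C"],
        ["192.168.1.1"],
        10,
    ):
        print(line)
```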

Usage

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Reservations > Network Profiles
  3. Hover over the network profile that best matches the network for this IPAM and click Edit
    1. On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
    2. Click OK
  4. Click on the Reservation menu item from Infrastructure tab > Reservations
  5. Hover over the reservation in association with the network profile from Step 3 and click Edit
    1. Click on the Network tab
    2. Uncheck all network paths
    3. Clear all the Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
    4. Click OK
  6. Click on the Design tab > Blueprints
  7. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#)

        Do not attach more than 1 IPAM property group to a blueprint

    4. Click OK
  8. Repeat Step 7 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the IPAM property group: (starts with SovLabs-IPAM- and ends with -nic#)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Microsoft IPAM

IP Address Management (IPAM) is a means of planning, tracking, and managing the IP address space used in a network. Many organizations choose enterprise IPAM solutions in order to give them centralized visibility and control of their entire IP space.

With the SovLabs Microsoft IPAM module for vRealize Automation, organizations who utilize Microsoft IPAM for centralized IP address management now have a fully automated method of obtaining and releasing IP addresses as the cloud environment dynamically scales. IP subnets can now easily be shared between vRA deployments and alongside existing tools and devices without fear of IP conflict.

The SovLabs Microsoft IPAM module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable DNS modules.

Quick start process

  1. Define Microsoft endpoint(s)
  2. Define IPAM profile(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible IPAM profiles that include one or more Microsoft endpoints
  • Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
  • IPAM profiles include basic IP information such as DNS and WINS configurations
  • IPAM profiles can be pinned to specific NIC numbers
  • IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
  • IPAM profiles allow for a list of excluded IP addresses
  • IPAM profile fields can be dynamic, utilizing the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
  • Microsoft endpoints can also be used with the SovLabs Microsoft DNS and Active Directory modules
  • SovLabs IPAM configurations may also be used with SovLabs network load balancer modules

Prerequisites

  1. Install IPAM client on Microsoft IPAM (target or proxy) server:
    1. Server Manager > Manage > Add Roles and Features
    2. Accept defaults and click Next until the Features option
    3. Expand Remote Server Administration Tools > expand Feature Administration Tools
    4. Select IP Address Management (IPAM) Client
    5. Confirm and click Install
  2. Enable non-local administrators to run IPAM cmdlets
  3. Login to the vRA tenant
    1. Add license for Microsoft IPAM module
    2. Validate the following show up on the Catalog page:
      1. Add Microsoft Endpoint
      2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Microsoft Endpoint
    Add Microsoft Endpoint
    Microsoft Endpoint

    A Windows 2012 R2 member server or domain controller that is utilized by the SovLabs plugin for a target AD, DNS, and/or IPAM server

    Field | Value
    Configuration label (*Only AlphaNumeric characters, no spaces or special characters except: - and _) | Unique endpoint name
    Connection method | Select how the SovLabs modules will connect to the target or proxy Microsoft IPAM server
    Hostname or IP address (If 'Is this a proxy host' is set to Yes, this is the proxy server for the target IPAM server) | IPAM server (FQDN) or IP address
    Use non-standard port? | Select the checkbox if WinRM or SSH daemon was configured to listen on a non-standard port
    Port (*Only shown when 'Use non-standard port' is Yes) | Input the non-standard port for this endpoint
    Username | Username (UPN format) that has permissions to add/remove records to/from IPAM server
    Password | User's password
    Is this a proxy host? (Proxy hosts are limited to the SSH connection method only) | Choose whether or not to utilize a proxy host to make remote commands to the target IPAM server
    Remote Server hostname or IP address (*Only shown when 'Is this a proxy host' is Yes) | The target IPAM server
    Advanced Configuration
    Temporary directory where scripts will be placed | If not provided, will default to C:\Windows\temp
    Share path for temporary directory to access | Define if administrative shares are not available. Type in path\share instead of \\share-server\path\share

  3. On the Catalog page, click on the Request button for: Add IPAM Profile
    IPAM Profile

    An IPAM profile defines necessary IPAM information

    Field | Value
    Configuration label (*Only AlphaNumeric characters, no spaces or special characters except: - and _) | Unique label name
    Description | *Optional - Description of IPAM profile
    IPAM type | Select Microsoft
    Provider host (Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added a Microsoft Endpoint) | Select the desired Microsoft Endpoint
    Subnets, Gateways and Network names | Subnet: X.x.x.x/CIDR. Gateway: X.x.x.x. Network Name: Corresponds to the VMware port group name (utilize the SovLabs Template Engine)
      1. Type in a subnet and its gateway and network name (all comma separated) into the input field (e.g. 10.0.0.0/24, 10.0.0.1, networkName)
      2. Click the green to add the entry into the array
      3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered
    Excluded IPs | Enter all IPs to be excluded (e.g. 10.0.0.1)
    NIC number | Enter in a NIC number (0-9) for this IPAM profile
    Primary DNS | Input the Primary DNS
    Secondary DNS | Input the Secondary DNS
    DNS suffix | Input the DNS suffix
    DNS search suffix | Input the DNS search suffix(es) (comma separated)
    Primary WINS | Input the Primary WINS
    Secondary WINS | Input the Secondary WINS

Usage

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Reservations > Network Profiles
  3. Hover over the network profile that best matches the network for this IPAM and click Edit
    1. On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
    2. Click OK
  4. Click on the Reservation menu item from Infrastructure tab > Reservations
  5. Hover over the reservation associated with the network profile from Step 3 and click Edit
    1. Click on the Network tab
    2. Uncheck all network paths
    3. Clear all the Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
    4. Click OK
  6. Click on the Design tab > Blueprints
  7. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#)

        Do not attach more than 1 IPAM property group to a blueprint

    4. Click OK
  8. Repeat Step 7 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the IPAM property group: (starts with SovLabs-IPAM- and ends with -nic#)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

SolarWinds IPAM

IP Address Management (IPAM) is a means of planning, tracking, and managing the IP address space used in a network. Many organizations choose enterprise IPAM solutions in order to give them centralized visibility and control of their entire IP space.

With the SovLabs SolarWinds IPAM module for vRealize Automation, organizations who utilize SolarWinds for centralized IP address management now have a fully automated method of obtaining and releasing IP addresses as the cloud environment dynamically scales. IP subnets can now easily be shared between vRA deployments and alongside existing tools and devices without fear of IP conflict.

The SovLabs SolarWinds IPAM module is often used in conjunction with other modules from the SovLabs Core Pack, including Custom Naming, Active Directory and interchangeable DNS modules.

Quick start process

  1. Define SolarWinds database endpoint(s)
  2. Define IPAM profile(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Create flexible IPAM profiles that include a SolarWinds database endpoint
  • Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
  • Option to set 'Scan IP' in SolarWinds to false for the reserved IP address
  • Option to set 'Comment' in SolarWinds for the reserved IP address
  • IPAM profiles include basic IP information such as DNS and WINS configurations
  • IPAM profiles can be pinned to specific NIC numbers
  • IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
  • IPAM profiles allow for a list of excluded IP addresses
  • IPAM profile fields can be dynamic, utilizing the SovLabs Template Engine
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic
  • IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
  • SovLabs IPAM configurations may also be used with SovLabs network load balancer modules

Prerequisites

  1. Database credentials for the SolarWinds database with permissions to execute SET/GET queries
  2. Login to the vRA tenant
    1. Add license for SolarWinds IPAM module
    2. Validate the following show up on the Catalog page:
      1. Add SolarWinds Database Endpoint
      2. Add IPAM Profile

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add SolarWinds Database Endpoint
    SolarWinds Database Endpoint

    A SolarWinds database endpoint is the target SolarWinds database

    Field | Value
    Configuration label (*Only AlphaNumeric characters, no spaces or special characters except: - and _) | Unique endpoint name
    Database Hostname | FQDN or IP address of server where SolarWinds database resides
    Database Name | SolarWinds Database name (normally SolarWindsOrion by default)
    Database Port | Defaulted to be 1433
    Set skip scan? | Option to skip IP scanning for a used IP in SolarWinds
    IPAM comment field | Set the comment field in SolarWinds IPAM
    Credential Configuration
    Create credential? | Select Yes to create a new credential. Select No to choose from existing credentials
    Credential (*Only shown when 'Create credential' is No) | Select the appropriate credential from an existing list of credentials
    Credential configuration label (*Only shown when 'Create credential' is Yes; *Only AlphaNumeric characters, no spaces or special characters except: - and _) | Unique credential name
    Username (*Only shown when 'Create credential' is Yes) | Username
    Password (*Only shown when 'Create credential' is Yes) | User's password

  3. On the Catalog page, click on the Request button for: Add IPAM Profile
    IPAM Profile

    An IPAM profile defines necessary IPAM information

    Field | Value
    Configuration label (*Only AlphaNumeric characters, no spaces or special characters except: - and _) | Unique label name
    Description | *Optional - Description of IPAM profile
    IPAM type | Select Solarwinds
    Provider host (Auto-populates after an IPAM type is selected. If nothing is available, please make sure to have added a SolarWinds Database Endpoint) | Select the desired SolarWinds Database Endpoint
    Subnets, Gateways and Network names | Subnet: X.x.x.x/CIDR. Gateway: X.x.x.x. Network Name: Corresponds to the VMware port group name (utilize the SovLabs Template Engine)
      1. Type in a subnet and its gateway and network name (all comma separated) into the input field (e.g. 10.0.0.0/24, 10.0.0.1, networkName)
      2. Click the green to add the entry into the array
      3. Repeat Steps 1-2 until all desired subnets for the IPAM profile are entered
    Excluded IPs | Enter all IPs to be excluded (e.g. 10.0.0.1)
    NIC number | Enter in a NIC number (0-9) for this IPAM profile
    Primary DNS | Input the Primary DNS
    Secondary DNS | Input the Secondary DNS
    DNS suffix | Input the DNS suffix
    DNS search suffix | Input the DNS search suffix(es) (comma separated)
    Primary WINS | Input the Primary WINS
    Secondary WINS | Input the Secondary WINS
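
The IPAM profile inputs described for both the Microsoft and the SolarWinds profile forms (the "subnet, gateway, network name" entries, Excluded IPs, NIC number and configuration label) can be pre-checked before they are typed into the request form. This is an added example, not SovLabs code: the profile dict layout, function names and sample values are assumptions, and the overlap and excluded-IP checks are extra sanity checks rather than documented SovLabs rules.

```python
import ipaddress
import re

# Label rule quoted in the form: alphanumerics plus '-' and '_', no spaces.
LABEL_RE = re.compile(r"[A-Za-z0-9_-]+")


def parse_subnet_entry(entry):
    """Split 'subnet, gateway, networkName' and validate each part.

    Returns (network, gateway, name); raises ValueError on a bad entry.
    """
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"expected 'subnet, gateway, networkName': {entry!r}")
    cidr, gw, name = parts
    # strict=True rejects host bits, e.g. 10.0.0.5/24 instead of 10.0.0.0/24.
    network = ipaddress.ip_network(cidr, strict=True)
    gateway = ipaddress.ip_address(gw)
    if gateway not in network:
        raise ValueError(f"gateway {gateway} is outside {network}")
    if network.num_addresses > 2 and gateway in (
        network.network_address,
        network.broadcast_address,
    ):
        raise ValueError(f"gateway {gateway} is the network or broadcast address")
    return network, gateway, name


def validate_profile(profile):
    """Return a list of problems found in a profile dict (empty list = clean)."""
    problems = []
    if not LABEL_RE.fullmatch(profile.get("label", "")):
        problems.append("label: only alphanumerics, '-' and '_' are allowed")
    nic = profile.get("nic")
    if not (isinstance(nic, int) and 0 <= nic <= 9):
        problems.append("nic: must be a number from 0 to 9")

    networks = []
    for entry in profile.get("subnets", []):
        try:
            network, _gateway, _name = parse_subnet_entry(entry)
        except ValueError as exc:
            problems.append(f"subnet entry: {exc}")
            continue
        # Added sanity check: two overlapping subnets in one profile make it
        # ambiguous which network an address belongs to.
        for seen in networks:
            if network.overlaps(seen):
                problems.append(f"subnet {network} overlaps {seen}")
        networks.append(network)

    for raw in profile.get("excluded", []):
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            problems.append(f"excluded IP {raw!r} is not an IP address")
            continue
        # Added sanity check: an exclusion outside every subnet protects
        # nothing and is usually a typo.
        if not any(ip in net for net in networks):
            problems.append(f"excluded IP {ip} is not in any profile subnet")
    return problems


# Constructed sample profile (values are illustrative only).
SAMPLE_PROFILE = {
    "label": "prod-ipam_01",
    "nic": 0,
    "subnets": [
        "10.0.0.0/24, 10.0.0.1, networkName",
        "10.0.1.0/24, 10.0.1.1, dvPortGroup-App",
    ],
    "excluded": ["10.0.0.1", "10.0.1.250"],
}

if __name__ == "__main__":
    for problem in validate_profile(SAMPLE_PROFILE) or ["profile is clean"]:
        print(problem)
```
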

Usage

  1. Login to the vRA tenant
  2. Click on the Infrastructure tab > Reservations > Network Profiles
  3. Hover over the network profile that best matches the network for this IPAM and click Edit
    1. On the Network Profile Information tab in the DNS/WINS section, verify that the DNS Suffix is set
    2. Click OK
  4. Click on the Reservation menu item from Infrastructure tab > Reservations
  5. Hover over the reservation associated with the network profile from Step 3 and click Edit
    1. Click on the Network tab
    2. Uncheck all network paths
    3. Clear all the Network Profile dropdown values (that were associated with the network path(s)) by selecting the empty select option
    4. Click OK
  6. Click on the Design tab > Blueprints
  7. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#)

        Do not attach more than 1 IPAM property group to a blueprint

    4. Click OK
  8. Repeat Step 7 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the IPAM property group: (starts with SovLabs-IPAM- and ends with -nic#)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

F5

F5 BIG-IP® is a market-leading load balancing platform that enables a myriad of traffic management features that drive application availability, optimization and security. Until now, only vRO-based solutions were available to vRealize customers, requiring extensive vRO development and customization in order to completely integrate and consume services directly from vRA.

The SovLabs F5 Module for vRealize Automation sets a new standard in load balancer integration technology by bringing F5 BIG-IP® onto the vRA Blueprint Canvas and providing flexible deployment models and a lifecycle that is fully managed in vRealize Automation. Optional custom naming policies for VIPs/Pools, IPAM integrations for VIP assignment and DNS registration are also available out of the box. F5 BIG-IP® is now a first-class citizen in vRealize Automation.

Quick start process

  1. Define F5 Endpoint(s)
  2. Define or choose existing SovLabs Restipe(s)
  3. Drag, drop and modify the Create F5 Virtual and link it to dependent VM(s) on vRA blueprint(s)
  4. Optionally, attach SovLabs-F5NodeConfigurations vRA Property Group per VM component to override node level settings at request time
  5. Provision!

Features

  • First-class citizen design; drag directly into vRA Blueprint Canvas
  • Associate machine components by linking to the F5 Virtual component in the vRA Blueprint Canvas
  • Option to reuse an existing F5 BIG-IP® virtual server or create a new one
  • Ability to pin/override/hide request form parameters per vRA Composite Blueprint, which can also be saved/exported
  • Supports nested vRA Blueprints
  • Supports vRA scale in, scale out for deployments
  • Select SovLabs Restipe to control lifecycle and configuration parameters, with full REST-based API support for F5 endpoints
  • SovLabs Restipes can be YAML or JSON format
  • SovLabs Restipes can create VIP/Pool/Nodes and assign Nodes to Pool
  • SovLabs Restipes can delete VIP/Pool/Nodes and unassign Nodes from Pool
  • SovLabs Restipes can use vRA properties defined on the F5 Virtual form component in the vRA Blueprint
  • SovLabs Restipes can use any dependent machine component(s) properties within the vRA Composite Blueprint
  • Ability to specify VIP name, IP address, and port at request time
  • Option to integrate IPAM and/or DNS for VIP assignment and DNS registration with Infoblox, BlueCat, Microsoft, SolarWinds, Men and Mice, BT Diamond IP at request time
  • Supports multiple DNS domains for optional DNS registration at request time
  • Option to integrate naming standard/sequence definitions for VIPs and Pools at request time
  • Included vRA Property Group for setting additional node-level overrides at the machine component level, such as member port, connection limit, rate limit, priority group and ratio at request time
  • Ability to specify one or more SSL Server Profiles at request time
  • Ability to specify one or more SSL Client Profiles at request time
  • Ability to specify one or more Virtual iRules at request time
  • Ability to specify one or more Pool health monitors and availability requirements at request time
  • Multiple vRA/vRO instances and multi-tenant support
  • Request to create a VIP independently or as part of a vRA Composite Blueprint
  • SovLabs Template Engine allows for static text in combination with vRA custom properties and/or custom logic

Prerequisites

  1. A user account configured in F5 BIG-IP® that has Administrator role/access:
    • Add/Remove Virtual Servers
    • Add/Remove Pools
    • Add/Remove Nodes and Pool node members
    • Optional: Add Virtual Server iRules, Add Server/Client SSL Profiles, Add Pool Health Monitors
  2. Login to the vRA tenant
    1. Add license for F5 module
    2. Validate the following show up on the Catalog page:
      1. Add F5 Endpoint
      2. F5 Virtual
      3. Manage Credential Configurations
      4. Manage Restipe Configurations

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add F5 Endpoint
    F5 Endpoint

    An F5 Endpoint is the F5 appliance where F5 BIG-IP® VIPs can be created/removed via the F5 API

    Field | Value
    Configuration label (*Only AlphaNumeric characters, no spaces or special characters except: - and _) | Unique endpoint name
    Hostname | F5 BIG-IP® hostname (FQDN or IP address)
    HTTPS? | Choose whether or not the F5 BIG-IP® is HTTPS
    Port | F5 BIG-IP® port number
    Credential Configuration
    Create credential? | Select Yes to create a new credential. Select No to choose from existing credentials
    Credential (*Only shown when 'Create credential' is No) | Select the appropriate credential from an existing list of credentials
    Credential configuration label (*Only shown when 'Create credential' is Yes; *Only AlphaNumeric characters, no spaces or special characters except: - and _) | Unique credential name
    Username (*Only shown when 'Create credential' is Yes) | Username
    Password (*Only shown when 'Create credential' is Yes) | User's password

  3. On the Catalog page, click on the Request button for: Manage Restipe Configuration
    Manage Restipe Configuration

    The SovLabs F5 module introduces SovLabs Restipes, an “infrastructure as code” approach for defining the steps used to create, reuse, remove and scale F5 structures, such as VIPs, Pools, and Nodes/Members.

    The SovLabs F5 module comes packaged with a functional Restipe with the most common steps and structures. The SovLabs Restipe is a single JSON or YAML formatted script, based on the SovLabs Template Engine. For even more flexibility, use the SovLabs Restipe Guide to create custom Restipes. No need for custom vRO workflows to integrate custom vRA properties or interact with other REST-based endpoints.

    Field | Value
    Action | Select whether to Create, Update or Delete
    Filter by type (Only shown when Action is 'Update' or 'Delete') | Select the type to filter SovLabs Restipes by
    Restipe, drop-down menu (Only shown when Action is 'Update' or 'Delete') | Select the Restipe to update or delete from the drop-down menu
    Type | Select the type of SovLabs Restipe
    Configuration label (Only shown when Action is 'Create'; *Only AlphaNumeric characters, no spaces or special characters except: - and _) | Unique label name. Upon licensing SovLabs F5 module, a default SovLabs Restipe has been added: F5Config-internal
    Restipe, textarea | JSON or YAML format. See the SovLabs Restipe Guide

Usage for vRA Administrators/Architects

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Create a new blueprint or select an existing blueprint name and click Edit
    1. Under Categories (on left pane), click on Other Components
    2. Drag and drop Create F5 VIP - SovLabs Modules onto the Design Canvas
    3. Tie the Create F5 VIP canvas item to the vSphere Machine canvas item by dragging the arrow FROM Create F5 VIP TO the vSphere Machine
    4. Click on the Create_F5_VIP.. canvas item and a window pane will appear on the bottom
    5. Modify fields as desired by setting the default values for fields and other advanced settings and clicking on Apply for each field
      Setting default values or advanced settings on the fields controls what a requester sees and can select when requesting the vRA blueprint
    6. To add additional node level settings during request time:
      1. Click on the blueprint vSphere machine on the Design Canvas
      2. Click on the Properties tab
      3. In the Property Groups section:
        1. Check the SovLabs-F5NodeConfigurations property group
      4. Click OK
    7. Once the blueprint is set up as desired, click on Finish
    8. If the blueprint saved above is a new blueprint:
      1. Select the blueprint from the list in Design > Blueprints
      2. Click on Publish
      3. Click on Administrators tab > Catalog Management > Catalog items
      4. Find and select the newly created blueprint from the list and click Configure
      5. Find the Service field and select the appropriate Service for the blueprint from the drop-down list
      6. Click OK
  4. If the Create F5 VIP – SovLabs Modules XaaS blueprint needs to be modified:
    1. Click on Design tab > XaaS > XaaS Blueprints
    2. Find and select Create F5 VIP – SovLabs Modules and click Copy
    3. Select Create F5 VIP – SovLabs Modules (2) that was newly created and click Edit
    4. Rename the XaaS blueprint as desired in the Name field (in General tab)
    5. Select the Blueprint form tab and modify the XaaS blueprint and click Finish
    6. Select the XaaS blueprint from the list and click Publish
      1. Click on Administrators tab > Catalog Management > Catalog Items
      2. Find and select the newly created XaaS blueprint from the list and click Configure
      3. Find the Service field. Select the appropriate Service for the blueprint from the drop-down list and click OK
    7. Modify or create a SovLabs Restipe to include the new field(s) (follow Step 3 under Setup for this section)
    8. Repeat Step 2 under Usage for Administrators/Architects
  5. Repeat Steps for all desired blueprints

Usage

  1. A vRA tenant user will select the F5 BIG-IP® enabled blueprint from the vRA Catalog to create a VIP and/or have provisioned VMs added in as node members
  2. A vRA tenant user will Destroy the deployment from Items > Deployments to remove members from the VIP and/or destroy the VIP (if no members exist)

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Unpublish
  4. Repeat for all desired blueprints

Multi-Cloud Docker Container Mgmt with Nirmata

While containers have been around a long time, recent innovations from Docker, Inc. and their ecosystem are driving mass adoption.

Containers provide standards based packaging and runtime management for application components. Containers are fast to deploy and make efficient use of system resources. Developers get application portability and programmable image management, while the operations team gets standard runtime units for deployment and management.

All of the above equals agility, speed and potential cost savings around public cloud deployments.

The SovLabs Multi-Cloud Docker Container Management Module, powered by Nirmata, gives both IT and Development teams self-service deployment capabilities for their containerized apps, directly from the vRealize Automation catalog. It’s never been easier to deliver and manage containerized applications across public and private clouds, and connected devices.

Quick start process

  1. Define Nirmata endpoint(s)
  2. Define Nirmata Agent configuration(s)
  3. Optionally, bootstrap configurations for container hosts deployed from vRA
  4. Apply to existing blueprint
  5. Provision to deploy apps or container hosts!

Features

  • Flexibly deploy containerized applications across multiple supported private and public cloud platforms, including: Azure, AWS, Google, Cisco Intercloud/Metapod, Digital Ocean, vSphere, vCloud Air, OpenStack
  • Additional support for other public, private and bare metal (physical) servers utilizing the “Other Cloud Providers” type
  • Provision/De-provision container hosts directly from vRA for vRA supported IaaS blueprints (e.g. vSphere, AWS, etc.)
  • Directly manage scale-up or scale-down of cloud instances from a single request, instantly adjusting existing cluster size of host groups of supported provider types
  • The Nirmata Cloud Service includes several capabilities including rich application blueprints, granular policies, flexible deployments, auto scaling & recovery, continuous delivery, service discovery, load balancing, integrated monitoring, real-time analytics
  • Single request deployment from vRA: pick the app, provider/host group and deploy instantly!
  • Get started with Nirmata quickly: nothing to deploy, install or upgrade. On-board your cloud resources and start deploying your applications in minutes!
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic

Prerequisites

  1. Nirmata is properly configured
  2. Have an account with Nirmata
  3. Set up Host Groups and Environments in Nirmata
  4. Set up any applications to be deployed from Nirmata
  5. Login to the vRA tenant
    1. Add license for Multi-cloud Docker Container Management with Nirmata module
    2. Validate the following show up on the Catalog page:
      1. Add Nirmata Endpoint
      2. Add Nirmata Agent
      3. Deploy Nirmata app environment
      4. Destroy Nirmata app environment
      5. Update Nirmata host group

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Nirmata Endpoint
    Nirmata Endpoint

    A Nirmata Endpoint is a target Nirmata server

    Field | Value
    Configuration label (*Only AlphaNumeric characters, no spaces or special characters except: - and _) | Unique label
    Host URL | URL to Nirmata host
    Create Credential? | Select No to choose from existing credentials. Select Yes to create a new credential
    Credential (*Only shown when 'Create Credential' is No) | Select the appropriate credential from an existing list of credentials
    Credential configuration label (*Only shown when 'Create Credential' is Yes) | Unique name for credential. *Only AlphaNumeric characters, no special characters nor spaces except: - and _
    Username (*Only shown when 'Create Credential' is Yes) | Username
    Password (*Only shown when 'Create Credential' is Yes) | User's password

  3. On the Catalog page, click on the Request button for: Add Nirmata Agent
    Add Nirmata Agent

    A Nirmata Agent is ...

    Field | Value
    Configuration label (*Only AlphaNumeric characters, no spaces or special characters except: - and _) | Unique label name
    Nirmata endpoint | Select the desired Nirmata endpoint
    Host group (Auto-populated based on the Nirmata endpoint selected) | Select the desired host group
    Install script | Modify the install script as necessary

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate Multi-Cloud Docker Container Management with Nirmata property group (starts with SovLabs-Nirmata-)

        Do not attach more than 1 Multi-Cloud Docker Container Management with Nirmata property group to a blueprint

    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Multi-Cloud Docker Container Management with Nirmata property group: (starts with SovLabs-Nirmata-)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Puppet Enterprise

The SovLabs Puppet Enterprise Module increases IT agility and speed of delivery for systems and applications by combining SovLabs Module Framework with Puppet’s advanced configuration management and vRealize Automation’s provisioning and lifecycle management capabilities.

Quick start process

  1. Define Puppet Master(s)
  2. Define Puppet Agent configuration(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Supports node classification for Hiera, Manifest files and Puppet Enterprise Console
  • Creates node in the Puppet Enterprise Console and assigns node to class(es) and group(s)
  • Installs Puppet Agent, configures puppet.conf, creates Hiera data and local Facter facts, if desired
  • Supports Hiera-Eyaml for automatic encryption of sensitive data such as passwords and certificates
  • Supports certificate signing/cleaning or Puppet auto-sign scenarios
  • Eases portability between private and public cloud scenarios: agentless, OS native protocols
  • Supports code manager, r10k and custom deployment/code promotion scenarios and pre/post activities via inline command definitions
  • Ties in existing custom vRO workflow content via workflow hooks
  • Supports simple or distributed Puppet implementations
  • Supports creation of multiple Puppet Master and Puppet Agent configurations as needed
  • Delivers dozens to thousands of Puppet deployment scenarios with minimal overhead via dynamic template configurations and vRA property injection, avoiding Blueprint sprawl
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic

Prerequisites

  1. Create Puppet Certificate and Update Puppet Console configuration

    Create the certificate on the Puppet CA that will be used for communication with the Puppet Console API and the Puppet CA API. This is the certificate that will be configured in your Puppet Master module for certificate credential from the CMP to the Puppet console. In order for the Puppet console API to accept the certificate, the configurations below need to be made.

    Perform the following for each Puppet CA utilized

    Puppet Enterprise v3.8.1

    In the following instructions, replace CERTNAME with the name you wish to identify the automation account with; we recommend vrosvc

    1. Login to the Puppet CA
    2. Type in su -
    3. Create a certificate key: puppet cert generate CERTNAME
    4. Modify the certificate_authority.pp:
      1. Type in
        vi /opt/puppet/share/puppet/modules/puppet_enterprise/manifests/profile/certificate_authority.pp
      2. Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
        class puppet_enterprise::profile::certificate_authority (
          Array[String] $client_whitelist = [ 'CERTNAME' ]
        )
        
      3. Save the file: Hit the esc key and then type in :wq!
    5. Modify auth.conf:
      1. Type in
        vi /etc/puppetlabs/puppet/auth.conf
      2. Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
        path  /certificate_status
        method find, save, search
        auth yes
        allow CERTNAME
        
      3. Save the file: Hit the esc key and then type in :wq!
    6. Modify the rbac-certificate-whitelist:
      1. Type in
        vi /etc/puppetlabs/console-services/rbac-certificate-whitelist
      2. Add CERTNAME to the end of the file
      3. Save the file: Hit the esc key and then type in :wq!
    7. Restart necessary services by typing in: puppet agent -t
    Puppet Enterprise v4.x+

    In the following instructions, replace CERTNAME with the name you wish to identify the automation account with; we recommend vrosvc

    1. Login to the Puppet CA
    2. Type in su -
    3. Create a certificate key: puppet cert generate CERTNAME
    4. Modify the certificate_authority.pp:
      1. Type in
        vi /opt/puppetlabs/puppet/modules/puppet_enterprise/manifests/profile/certificate_authority.pp
      2. Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
        class puppet_enterprise::profile::certificate_authority (
          Array[String] $client_whitelist = [ 'CERTNAME' ]
        )
        
      3. Save the file: Hit the esc key and then type in :wq!
    5. Modify auth.conf:
      1. Type in
        vi /etc/puppetlabs/puppetserver/conf.d/auth.conf
      2. Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
        {
            "allow" : [
                "pe-internal-dashboard",
                "CERTNAME"
            ],
            "match-request" : {
                "method" : [
                    "get",
                    "put",
                    "delete"
                ],
                "path" : "/puppet-ca/v1/certificate_status",
                "query-params" : {},
                "type" : "path"
            },
            "name" : "puppetlabs certificate status",
            "sort-order" : 500
        }
        
      3. Save the file: Hit the esc key and then type in :wq!
    6. Modify the rbac-certificate-whitelist:
      1. Type in
        vi /etc/puppetlabs/console-services/rbac-certificate-whitelist
      2. Add CERTNAME to the end of the file
      3. Save the file: Hit the esc key and then type in :wq!
    7. Restart necessary services by typing in: sudo service pe-console-services restart
  2. Set up or have a user for the Puppet Master, Puppet CA and Puppet database:
    • root with SSH keys
    • root with password
    • Service account with sudo permissions
  3. Collect the appropriate keys from the Puppet Master:

    Replace CERTNAME with the name identified in Step 1 (e.g. vrosvc)

    Type | Location
    CA Certificate | /etc/puppetlabs/puppet/ssl/ca/ca_crt
    Service Account Certificate | /etc/puppetlabs/puppet/ssl/certs/CERTNAME
    Service Account Private Key | /etc/puppetlabs/puppet/ssl/private_keys/CERTNAME
  4. If any Puppet Agents are Windows OS:
  5. Login to the vRA tenant
    1. Add license for Puppet Enterprise module
    2. Validate the following show up on the Catalog page:
      1. Add Puppet Master Configuration
      2. Add Puppet Agent Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Puppet Master Configuration
    Puppet Master Configuration

    A Puppet Master Configuration is a target Puppet Master

    General
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Puppet Master version Select the Puppet Master version
    Puppet Master connection configuration
    Puppet Master OS Family Currently, only allows for unix
    Puppet Master Hostname Hostname of Puppet Master in FQDN format
    Puppet pe-puppetserver port Port pe-puppetserver listens on, defaults to 8140
    Directory for temporary scripts Directory to put temporary scripts on the Puppet Master
    Connection method Currently, only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has root/sudo permissions to the Puppet Master
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Console configuration
    Console Hostname Puppet Console server in FQDN format
    Console Port Port the Puppet Console listens on, defaults to 4433
    Console OS Family Currently only allows for unix
    Directory for temporary scripts Directory to put temporary scripts on the Console
    Connection method Currently only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has admin permissions to the Puppet Console
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Compile Masters
    Use separate Compile Masters? Select Yes to define Compile Masters
    Compile Masters Hostnames

    *Only shown when 'Use separate Compile Masters' is Yes

    Input the Compile Master(s) in FQDN format
    Compile Masters OS Family

    *Only shown when 'Use separate Compile Masters' is Yes

    Currently only allows for unix
    Directory for temporary scripts

    *Only shown when 'Use separate Compile Masters' is Yes

    Directory to put temporary scripts on the Compile Masters
    Connection method

    *Only shown when 'Use separate Compile Masters' is Yes

    Currently only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has root or sudo permissions to the Compile Master(s)
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Database configuration
    Use separate database? Select Yes to define database
    Database hostname

    *Only shown when 'Use separate database' is Yes

    Database hostname in FQDN format
    Database OS Family

    *Only shown when 'Use separate database' is Yes

    Currently only allows for unix
    Directory for temporary scripts

    *Only shown when 'Use separate database' is Yes

    Directory to put temporary scripts on the database
    Connection method

    *Only shown when 'Use separate database' is Yes

    Currently only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has root or sudo permissions to the Puppet database
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Group configuration
    Parent Group Any existing group in the Puppet console that will be the parent of all newly created node groups

    Can be templated: SovLabs Template Engine

    Parent Group Environment The parent group environment

    Can be templated: SovLabs Template Engine

    Group name template Template for the group name

    Can be templated: SovLabs Template Engine

    Certificate PEM files
    API Certificate

    Puppet API Certificate PEM file

    Puppet Master: /etc/puppetlabs/puppet/ssl/certs/CERTNAME

    API RSA Private Key

    Puppet API RSA Private Key PEM file

    Puppet Master: /etc/puppetlabs/puppet/ssl/private_keys/CERTNAME

    API CA Certificate Puppet Master: /etc/puppetlabs/puppet/ssl/ca/ca_crt
    Certificate Authority
    Is auto-sign enabled in Puppet? Is autosign enabled in Puppet? If 'Yes', skips signing the certificate
    Certificate Authority Hostname Puppet Certificate Authority Hostname (FQDN)
    Certificate Authority Port Port the Puppet Certificate Authority listens on, defaults to 8140
    API CA Certificate Puppet API Certificate Authority Certificate
    Hiera node data configuration
    Create hiera node data? Select 'Yes' to create hiera node data
    Hiera node data format

    *Only shown when Create hiera node data is 'Yes'

    Hiera node data format
    Hiera node data filename

    *Only shown when Create hiera node data is 'Yes'

    Filename for hiera node data

    Can be templated: SovLabs Template Engine

    Hiera node data template

    *Only shown when Create hiera node data is 'Yes'

    Hiera data template

    Can be templated: SovLabs Template Engine

    Hiera eyaml Public Key

    *Only shown when Hiera node data format is eyaml

    Hiera eyaml public key
    Additional configuration

    *Only shown when Create hiera node data is 'Yes'

    Hiera on Puppet Master server? Select 'No' if the hiera server is on a different server from the Puppet Master
    Hiera Hostname

    *Only shown when Hiera on Puppet Master server is 'No'

    Hiera Hostname (FQDN)
    Hiera OS Family

    *Only shown when Hiera on Puppet Master server is 'No'

    Hiera OS type
    Directory for temporary scripts

    *Only shown when Hiera on Puppet Master server is 'No'

    Directory to put temporary scripts on the Hiera server
    Hiera connection method

    *Only shown when Hiera on Puppet Master server is 'No'

    Select the connection method
    Hiera Username

    *Only shown when Hiera on Puppet Master server is 'No'

    Username (UPN format) that has permissions to the Hiera server
    Hiera SSH Key used?

    *Only shown when Hiera Connection Method is SSH or WinSSHD

    Select 'Yes' to use an SSH key
    Hiera Password

    *Only shown when Hiera Connection Method is winrm or Hiera SSH Key used is 'No'

    Username's password
    Hiera SSH Key

    *Only shown when SSH key used is 'Yes'

    SSH Key
    Hiera SSH Key password protected?

    *Only shown when SSH key used is 'Yes'

    Select 'Yes' if the SSH key is password protected
    Hiera SSH Key Password

    *Only shown when SSH key used is 'Yes' and SSH key password protected is 'Yes'

    SSH Key password

    *Entire section is only shown when Create hiera node data is 'Yes'

    Hiera pre-create script
    Hiera pre-create script Script to execute prior to creating the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera pre-create script arguments Script arguments, if any
    Hiera pre-create script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera pre-create script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute prior to creating the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera pre-create script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera pre-create script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera post-create script
    Hiera post-create script Script to execute after creating the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera post-create script arguments Script arguments, if any
    Hiera post-create script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera post-create script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute after creating the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera post-create script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera post-create script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera pre-delete script
    Hiera pre-delete script Script to execute prior to deleting the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera pre-delete script arguments Script arguments, if any
    Hiera pre-delete script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera pre-delete script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute prior to deleting the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera pre-delete script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera pre-delete script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera post-delete script
    Hiera post-delete script Script to execute after deleting the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera post-delete script arguments Script arguments, if any
    Hiera post-delete script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera post-delete script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute after deleting the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera post-delete script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera post-delete script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Purge node script Script to purge the node

    Can be templated: SovLabs Template Engine

    Purge node script arguments Script arguments, if any
    Purge node script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters

    *Only shown when Use separate Compile Masters is 'Yes'

    Compile Masters Purge node script Script to purge the node

    Can be templated: SovLabs Template Engine

    Compile Masters Purge node script arguments Script arguments, if any
    Compile Masters Purge node script interpreter Script interpreter, e.g. /bin/bash
    Console
    Purge node console script Script to purge the node

    Can be templated: SovLabs Template Engine

    Purge node console script arguments Script arguments, if any
    Purge node console script interpreter Script interpreter, e.g. /bin/bash
    Database

    *Only shown when Use separate database is 'Yes'

    Purge node database script Script to purge the node

    Can be templated: SovLabs Template Engine

    Purge node database script arguments Script arguments, if any
    Purge node database script interpreter Script interpreter, e.g. /bin/bash
  3. On the Catalog page, click on the Request button for: Add Puppet Agent Configuration
    Puppet Agent Configuration

    A Puppet Agent configuration defines the Puppet Agent settings

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Puppet version Select the Puppet Agent version
    Puppet environment Provisioned node environment

    Can be templated: SovLabs Template Engine

    OS Family for provisioned nodes unix or windows
    Directory for temporary scripts Directory to put temporary scripts on the provisioned node
    puppet.conf configuration
    puppet.conf file content Contents of puppet.conf file - if left blank, the puppet.conf will not be updated on the provisioned node

    Can be templated: SovLabs Template Engine

    puppet.conf filename

    Can be templated: SovLabs Template Engine

    Connection configuration
    Connection method
    • SSH for unix
    • cygwinssh, winrm or WinSSHD for Windows
    Username Username (UPN format) that has permissions to login to the provisioned node
    SSH Key used?

    Only shown when connection method is SSH or WinSSHD

    Select 'Yes' to use an SSH key
    Password

    Only shown when SSH key used is No

    Username's password
    SSH Key

    Only shown when SSH key used is Yes

    SSH Key
    SSH Key password protected?

    Only shown when SSH key used is Yes

    Select Yes if the SSH key is password protected
    SSH Key Password

    Only shown when SSH key used is Yes and SSH key password protected is Yes

    SSH Key password
    Facter files
    Facter facts template Template of the facter facts

    Warning: Facter facts file contents do not support encryption

    Can be templated: SovLabs Template Engine

    Facter facts format Format for the Facter facts file
    Facter facts filename

    Can be templated: SovLabs Template Engine

    Classes
    Classes Add existing classes in Puppet Console for provisioned node to join

    Can be templated: SovLabs Template Engine

    { "sudo":{} }

    No parameters


    { "sudo": {"param1": "val1", "param2": "val2"} }

    With 2 parameters

    { "sudo" : {}, "apache": {} }

    No parameters


    { "sudo": {"param1": "val1", "param2": "val2"}, "apache": {"param1": "val1", "param2": "val2"} }

    With 2 parameters

    Custom group name When classes are defined, creates a custom group with this specified name

    Can be templated: SovLabs Template Engine

    Groups
    Groups Add existing groups in Puppet Console for provisioned node to join

    Can be templated: SovLabs Template Engine

    Installer file(s)
    Source Installer file Define source installer file (for Windows Puppet Agent)
    Destination Installer file Define destination installer file (for Windows Puppet Agent)
    Install Puppet on a node script
    Install script Script to install Puppet on a node - if left blank, expects Puppet to already be installed

    Can be templated: SovLabs Template Engine

    Install script arguments Script arguments, if any

    Can be templated: SovLabs Template Engine

    Install script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

    Max retry attempt to Run Puppet Maximum number of attempts to retry Run Puppet
    Ignore final Run Puppet errors? If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue - useful in initial development of new Puppet content
    Run Puppet Script
    Run Puppet script Script to execute after creating the hiera node data

    Can be templated: SovLabs Template Engine

    Run Puppet script arguments Script arguments, if any

    Can be templated: SovLabs Template Engine

    Run Puppet script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

    Run Puppet script validation
    Run Puppet script success exit codes Success exit codes.

    List multiple exit codes comma separated

    Run Puppet script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Run Puppet script validation prior to certificate being signed
    Pre-certificate success exit codes Success exit codes.

    List multiple exit codes comma separated

    Pre-certificate success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Final Run Puppet script validation
    Final Puppet Run script success exit codes Success exit codes.

    List multiple exit codes comma separated

    Final Puppet Run script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Post script Script to execute after the final Puppet Run

    Can be templated: SovLabs Template Engine

    Post script arguments Script arguments, if any
    Post script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

    Post script validation
    Post script success exit codes Success exit codes.

    List multiple exit codes comma separated

    Post script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Pre-Puppet Remove script Script to run prior to removing Puppet from node

    Can be templated: SovLabs Template Engine

    Pre-Puppet Remove script arguments Script arguments, if any
    Pre-Puppet Remove script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the Puppet Enterprise property groups:
        • Puppet Master: starts with SovLabs-PuppetMaster-
        • Puppet Agent: starts with SovLabs-PuppetAgent

        Do not attach more than 1 set of Puppet Master/Puppet Agent property groups to a blueprint

    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Puppet Enterprise property groups:
        • Puppet Master: starts with SovLabs-PuppetMaster-
        • Puppet Agent: starts with SovLabs-PuppetAgent
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Puppet Open Source with Foreman

The SovLabs Puppet Open Source with Foreman Module increases IT agility and speed of delivery for systems and applications by combining SovLabs Module Framework with Puppet’s advanced configuration management together with the option to utilize Foreman for the Dashboard and Node Classifier.

Quick start process

  1. Define Puppet Open Source with Foreman Master(s)
  2. Define Puppet Open Source with Foreman Agent configuration(s)
  3. Apply to existing blueprint
  4. Provision!

Features

  • Supports node classification for Hiera, Manifest files and Foreman
  • Optionally creates node in Foreman and assigns node to an existing group
  • Supports multiple versions of Puppet Open Source and Foreman
  • Installs Puppet Agent, configures puppet.conf, creates Hiera data and local Facter facts, if desired
  • Supports certificate signing/cleaning or Puppet auto-sign scenarios
  • Eases portability between private and public cloud scenarios: agentless, OS native protocols
  • Supports custom deployment/code promotion scenarios and pre/post activities via inline command definitions
  • Ties in existing custom vRO workflow content via workflow hooks
  • Supports simple or distributed Puppet implementations
  • Supports creation of multiple Foreman, Puppet Master and Puppet Agent configurations as needed
  • Delivers dozens to thousands of Puppet deployment scenarios with minimal overhead via dynamic template configurations and vRA property injection, avoiding Blueprint sprawl
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic

Prerequisites

  1. Create Puppet Certificate and Update Puppet Console configuration

    Create the certificate on the Puppet CA that will be used for communication with the Foreman API and the Puppet CA API.

    Perform the following for each Puppet CA utilized

    Puppet Open Source v3.8.x

    In the following instructions, replace CERTNAME with the name you wish to identify the automation account with. We recommend vrosvc.

    1. Login to the Puppet CA
    2. Type in su -
    3. Create a certificate key: puppet cert generate CERTNAME
    4. Modify auth.conf:
      1. Type in
        vi /etc/puppet/auth.conf
      2. Find the following in the file and replace CERTNAME accordingly. If the following section does not already exist, copy and paste into the header of the file:
        path  /certificate_status
        method find, save, search
        auth yes
        allow CERTNAME
        
      3. Save the file: Hit the esc key and then type in :wq!
    5. Restart necessary services by typing in: service puppet restart
  2. Set up or have a user for the Puppet Master, Puppet CA and Puppet database:
    • root with SSH keys
    • root with password
    • Service account with sudo permissions
  3. Collect the appropriate keys from the Puppet Master:

    Replace CERTNAME with the name identified in Step 1 (e.g. vrosvc)

    Type | Location
    CA Certificate | /var/lib/puppet/ssl/ca/ca_crt.pem
    Service Account Certificate | /var/lib/puppet/ssl/certs/CERTNAME.pem
    Service Account Private Key | /var/lib/puppet/ssl/private_keys/CERTNAME.pem
  4. If any Puppet Agents are Windows OS:
  5. Login to the vRA tenant
    1. Add license for Puppet Open Source with Foreman module
    2. Validate the following show up on the Catalog page:
      1. Add Foreman Master Configuration
      2. Add Foreman Agent Configuration
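
The `path /certificate_status` stanza from the auth.conf steps above only governs the endpoint if it is the first rule in the file that matches the request, which is why the steps say to paste it into the header. The following Python check is an added example, not SovLabs or Puppet code: it parses a constructed legacy-format auth.conf, finds the rule that actually governs /certificate_status, and reports wildcard, unauthenticated, unexpected or missing entries. The sample file, the node name and all function names are assumptions; `vrosvc` is the CERTNAME the page recommends.

```python
# Constructed sample in the legacy auth.conf stanza format shown in the steps
# above. "vrosvc" is the CERTNAME the page recommends; the rest is illustrative.
SAMPLE_AUTH_CONF = """\
# automation account, pasted at the top of the file
path  /certificate_status
method find, save, search
auth yes
allow vrosvc

path /certificate_revocation_list/ca
method find
allow *

path /
auth any
"""

import re

LIST_KEYS = ("method", "allow")


def parse_auth_conf(text):
    """Return the stanzas of a legacy auth.conf in file order."""
    stanzas, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "path":
            # "path ~ <regex>" marks a regular-expression path.
            is_regex = value.startswith("~")
            current = {"path": value.lstrip("~ "), "regex": is_regex,
                       "method": [], "allow": [], "auth": "yes"}
            stanzas.append(current)
        elif current is None:
            raise ValueError("directive before first path: " + raw)
        elif key in LIST_KEYS:
            current[key] += [v.strip() for v in value.split(",") if v.strip()]
        else:
            current[key] = value
    return stanzas


def first_match(stanzas, request_path, method):
    """Return the first stanza whose path and method cover the request."""
    for stanza in stanzas:
        if stanza["regex"]:
            # Python's re is used as an approximation of the server's matching.
            hit = re.search(stanza["path"], request_path) is not None
        else:
            hit = request_path.startswith(stanza["path"])  # literal = prefix
        if hit and (not stanza["method"] or method in stanza["method"]):
            return stanza
    return None


def audit_certificate_status(text, expected):
    """List problems with the rule governing /certificate_status requests."""
    expected = set(expected)
    # Hypothetical node name; "save" is the method used to sign a certificate.
    rule = first_match(parse_auth_conf(text),
                       "/certificate_status/node01.example.test", "save")
    if rule is None:
        return ["no rule matches /certificate_status (request would be denied)"]
    findings = []
    if rule["path"] != "/certificate_status":
        findings.append("governed by earlier rule for path %r" % rule["path"])
    if rule["auth"].lower() not in ("yes", "on"):
        findings.append("auth is %r, client certificate not required"
                        % rule["auth"])
    for name in rule["allow"]:
        if "*" in name:
            findings.append("allow entry %r is a wildcard" % name)
        elif name not in expected:
            findings.append("unexpected allow entry %r" % name)
    for name in sorted(expected - set(rule["allow"])):
        findings.append("expected certname %r is not allowed" % name)
    return findings


if __name__ == "__main__":
    for finding in audit_certificate_status(SAMPLE_AUTH_CONF, {"vrosvc"}):
        print(finding)
```

An empty result means the first matching rule requires a client certificate and allows only the expected certname.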

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Foreman Master Configuration
    Foreman Master Configuration

    A Foreman Master Configuration is a target Foreman Master

    General
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Puppet Open Source with Foreman version Select the Puppet Open Source with Foreman version
    Foreman configuration
    Foreman Hostname Foreman hostname in FQDN format
    Foreman Port Port for Foreman, defaults to 443
    Username Foreman username with admin permissions
    Password User's password
    Puppet Master connection configuration
    Puppet Master OS Family Currently, only allows for unix
    Puppet Master Hostname Hostname of Puppet Master in FQDN format
    Puppet pe-puppetserver port Port pe-puppetserver listens on, defaults to 8140
    Directory for temporary scripts Directory to put temporary scripts on the Puppet Master
    Connection method Currently, only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has root/sudo permissions to the Puppet Master
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Compile Masters Hostnames

    *Only shown when 'Use separate Compile Masters' is Yes

    Input the Compile Master(s) in FQDN format
    Compile Masters OS Family

    *Only shown when 'Use separate Compile Masters' is Yes

    Currently only allows for unix
    Directory for temporary scripts

    *Only shown when 'Use separate Compile Masters' is Yes

    Directory to put temporary scripts on the Compile Masters
    Connection method

    *Only shown when 'Use separate Compile Masters' is Yes

    Currently only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has root or sudo permissions to the Compile Master(s)
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Database configuration
    Use separate database? Select Yes to define database
    Database hostname

    *Only shown when 'Use separate database' is Yes

    Database hostname in FQDN format
    Database OS Family

    *Only shown when 'Use separate database' is Yes

    Currently only allows for unix
    Directory for temporary scripts

    *Only shown when 'Use separate database' is Yes

    Directory to put temporary scripts on the database
    Connection method

    *Only shown when 'Use separate database' is Yes

    Currently only allows for SSH
    SSH Key used? Select Yes to use an SSH key
    Username Username that has root or sudo permissions to the Puppet database
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key password protected?

    *Only shown when 'SSH key used' is Yes

    Select 'Yes' if the SSH key is password protected
    SSH Key Password

    *Only shown when 'SSH key used' and 'SSH key password protected' are Yes

    SSH Key password
    Certificate PEM files
    API Certificate Puppet API Certificate PEM file

    Puppet Master: /var/lib/puppet/ssl/certs/CERTNAME.pem

    API RSA Private Key Puppet API RSA Private Key PEM file

    Puppet Master: /var/lib/puppet/ssl/private_keys/CERTNAME.pem

    API CA Certificate Puppet API CA file

    Puppet Master: /var/lib/puppet/ssl/ca/ca_crt.pem

    Certificate Authority
    Is auto-sign enabled in Puppet? Is autosign enabled in Puppet? If 'Yes', skips signing the certificate
    Certificate Authority Hostname Puppet Certificate Authority Hostname (FQDN)
    Certificate Authority Port Port the Puppet Certificate Authority listens on, defaults to 8140
    API CA Certificate Puppet API Certificate Authority Certificate
    Hiera node data configuration
    Create hiera node data? Select 'Yes' to create hiera node data
    Hiera node data format

    *Only shown when Create hiera node data is 'Yes'

    Hiera node data format
    Hiera node data filename

    *Only shown when Create hiera node data is 'Yes'

    Filename for hiera node data

    Can be templated: SovLabs Template Engine

    Hiera node data template

    *Only shown when Create hiera node data is 'Yes'

    Hiera data template

    Can be templated: SovLabs Template Engine

    Hiera eyaml Public Key

    *Only shown when Hiera node data format is eyaml

    Hiera eyaml public key
    Additional configuration

    *Only shown when Create hiera node data is 'Yes'

    Hiera on Puppet Master server? Select 'No' if the hiera server is on a different server from the Puppet Master
    Hiera Hostname

    *Only shown when Hiera on Puppet Master server is 'No'

    Hiera Hostname (FQDN)
    Hiera OS Family

    *Only shown when Hiera on Puppet Master server is 'No'

    Hiera OS type
    Directory for temporary scripts

    *Only shown when Hiera on Puppet Master server is 'No'

    Directory to put temporary scripts on the Hiera server
    Hiera connection method

    *Only shown when Hiera on Puppet Master server is 'No'

    Select the connection method
    Hiera Username

    *Only shown when Hiera on Puppet Master server is 'No'

    Username (UPN format) that has permissions to the Hiera server
    Hiera SSH Key used?

    *Only shown when Hiera Connection Method is SSH or WinSSHD

    Select 'Yes' to use an SSH key
    Hiera Password

    *Only shown when Hiera Connection Method is winrm or Hiera SSH Key used is 'No'

    Username's password
    Hiera SSH Key

    *Only shown when SSH key used is 'Yes'

    SSH Key
    Hiera SSH Key password protected?

    *Only shown when SSH key used is 'Yes'

    Select 'Yes' if the SSH key is password protected
    Hiera SSH Key Password

    *Only shown when SSH key used is 'Yes' and SSH key password protected is 'Yes'

    SSH Key password

    *Entire section is only shown when Create hiera node data is 'Yes'

    Hiera pre-create script
    Hiera pre-create script Script to execute prior to creating the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera pre-create script arguments Script arguments, if any
    Hiera pre-create script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera pre-create script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute prior to creating the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera pre-create script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera pre-create script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera post-create script
    Hiera post-create script Script to execute after creating the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera post-create script arguments Script arguments, if any
    Hiera post-create script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera post-create script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute after creating the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera post-create script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera post-create script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera pre-delete script
    Hiera pre-delete script Script to execute prior to deleting the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera pre-delete script arguments Script arguments, if any
    Hiera pre-delete script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera pre-delete script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute prior to deleting the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera pre-delete script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera pre-delete script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Hiera post-delete script
    Hiera post-delete script Script to execute after deleting the hiera node data

    Can be templated: SovLabs Template Engine

    Hiera post-delete script arguments Script arguments, if any
    Hiera post-delete script interpreter Script interpreter, e.g. /bin/bash
    Compile Masters Hiera post-delete script

    *Only shown when Use separate Compile Masters is 'Yes'

    Script to execute after deleting the hiera node data on the Compile Masters

    Can be templated: SovLabs Template Engine

    Compile Masters Hiera post-delete script arguments

    *Only shown when Use separate Compile Masters is 'Yes'

    Script arguments, if any
    Compile Masters Hiera post-delete script interpreter

    *Only shown when Use separate Compile Masters is 'Yes'

    Script interpreter, e.g. /bin/bash
    Purge node script Script to purge the node

    Can be templated: SovLabs Template Engine

    Purge node script arguments Script arguments, if any
    Purge node script interpreter Script interpreter, e.g. /bin/bash
  3. On the Catalog page, click on the Request button for: Add Foreman Agent Configuration
    Add Foreman Agent Configuration
    Foreman Agent Configuration

    A Foreman Agent configuration defines the Puppet Open Source with Foreman Agent settings

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Puppet Open Source with Foreman version Select the Puppet Open Source / Foreman version
    Puppet environment Provisioned node environment

    Can be templated: SovLabs Template Engine

    OS Family for provisioned nodes unix or windows
    Directory for temporary scripts Directory to put temporary scripts on the provisioned node
    puppet.conf configuration
    puppet.conf file content Contents of puppet.conf file - if left blank, the puppet.conf will not be updated on the provisioned node

    Can be templated: SovLabs Template Engine

    puppet.conf filename

    Can be templated: SovLabs Template Engine

    Connection configuration
    Connection method
    • SSH for unix
    • cygwinssh, winrm or WinSSHD for Windows
    Username Username (UPN format) that has permissions to login to the provisioned node
    SSH Key used?

    Only shown when connection method is SSH or WinSSHD

    Select 'Yes' to use an SSH key
    Password

    Only shown when SSH key used is No

    Username's password
    SSH Key

    Only shown when SSH key used is Yes

    SSH Key
    SSH Key password protected?

    Only shown when SSH key used is Yes

    Select Yes if the SSH key is password protected
    SSH Key Password

    Only shown when SSH key used is Yes and SSH key password protected is Yes

    SSH Key password
    Facter files
    Facter facts template Template of the facter facts

    Warning: Facter facts file contents do not support encryption

    Can be templated: SovLabs Template Engine

    Facter facts format Format for the Facter facts file
    Facter facts filename

    Can be templated: SovLabs Template Engine

    Classes
    Classes Add existing classes in Puppet Console for provisioned node to join

    Can be templated: SovLabs Template Engine

    Host Group
    Host Group Add existing host group in Foreman for provisioned node to join

    Can be templated: SovLabs Template Engine

    Installer file(s)
    Source Installer file Define source installer file (for Windows Puppet Agent)
    Destination Installer file Define destination installer file (for Windows Puppet Agent)
    Install Puppet on a node script
    Install script Script to install Puppet on a node - if left blank, expects Puppet to already be installed

    Can be templated: SovLabs Template Engine

    Install script arguments Script arguments, if any

    Can be templated: SovLabs Template Engine

    Install script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

    Max retry attempt to Run Puppet Maximum number of attempts to retry Run Puppet
    Ignore final Run Puppet errors? If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue - useful in initial development of new Puppet content
    Run Puppet Script
    Run Puppet script Script to execute after creating the hiera node data

    Can be templated: SovLabs Template Engine

    Run Puppet script arguments Script arguments, if any

    Can be templated: SovLabs Template Engine

    Run Puppet script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

    Run Puppet script validation
    Run Puppet script success exit codes Success exit codes.

    List multiple exit codes comma separated

    Run Puppet script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Run Puppet script validation prior to certificate being signed
    Pre-certificate success exit codes Success exit codes.

    List multiple exit codes comma separated

    Pre-certificate success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Final Run Puppet script validation
    Final Puppet Run script success exit codes Success exit codes.

    List multiple exit codes comma separated

    Final Puppet Run script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Post script Script to execute after the final Puppet Run

    Can be templated: SovLabs Template Engine

    Post script arguments Script arguments, if any
    Post script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters

    Post script validation
    Post script success exit codes Success exit codes.

    List multiple exit codes comma separated

    Post script success exit RegExp Match the regular expression(s) to the output to determine success - overrides defined exit codes, if any
    Pre-Puppet Remove script Script to run prior to removing Puppet from node

    Can be templated: SovLabs Template Engine

    Pre-Puppet Remove script arguments Script arguments, if any
    Pre-Puppet Remove script interpreter

    Script interpreter, e.g. /bin/bash

    For Windows, only powershell and bat are valid interpreters
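
The success rules described in the validation fields above (comma-separated exit codes, with a success RegExp overriding them), worked through as an added example that is not SovLabs code. The settings field names, the any-pattern-matches rule, the exit-code-0 default and the use of JavaScript regular expressions without flags are assumptions; the sample runs are constructed.

```javascript
'use strict';

// Puppet's detailed exit codes (enabled by `puppet agent --test`):
// 0 no changes, 2 changes applied, 1 run failed, 4 failures, 6 changes and failures.
const PUPPET_FAILURE_CODES = new Set([1, 4, 6]);

// Parse a field value such as "0, 2" into a set of integers.
function parseExitCodes(csv) {
  const codes = new Set();
  for (const part of String(csv || '').split(',')) {
    const text = part.trim();
    if (text === '') continue;
    if (!/^\d+$/.test(text)) {
      throw new Error('Invalid exit code: ' + JSON.stringify(text));
    }
    codes.add(Number(text));
  }
  return codes;
}

// Apply the documented rule: a success RegExp, when defined, overrides exit codes.
function isSuccess(settings, run) {
  const patterns = (settings.successRegExps || []).filter((p) => p !== '');
  if (patterns.length > 0) {
    // Assumption: several patterns are satisfied when any one of them matches.
    return patterns.some((p) => new RegExp(p).test(run.output));
  }
  const codes = parseExitCodes(settings.successExitCodes);
  if (codes.size === 0) codes.add(0); // assumption: with nothing configured, only 0 passes
  return codes.has(run.exitCode);
}

// Constructed sample runs (not captured from a real node).
const SAMPLE_RUNS = [
  { name: 'no changes', exitCode: 0,
    output: 'Notice: Applied catalog in 4.10 seconds' },
  { name: 'changes applied', exitCode: 2,
    output: ["Notice: /Stage[main]/Ntp/Service[ntpd]/ensure: ensure changed 'stopped' to 'running'",
             'Notice: Applied catalog in 9.87 seconds'].join('\n') },
  { name: 'changes and failures', exitCode: 6,
    output: ["Error: /Stage[main]/App/Package[app]/ensure: change from 'purged' to 'present' failed",
             'Notice: Applied catalog in 11.02 seconds'].join('\n') },
  { name: 'run failed', exitCode: 1,
    output: 'Error: Could not retrieve catalog from remote server' },
];

// Names of runs the settings would accept although Puppet reported a failure.
function falseSuccesses(settings, runs) {
  return runs
    .filter((run) => PUPPET_FAILURE_CODES.has(run.exitCode) && isSuccess(settings, run))
    .map((run) => run.name);
}

// Three candidate settings for the same script.
const byExitCode = { successExitCodes: '0, 2', successRegExps: [] };
// Loose pattern: "Applied catalog" is also printed when resources failed.
const looseRegExp = { successExitCodes: '0, 2', successRegExps: ['Applied catalog'] };
// Stricter pattern: require "Applied catalog" and no line starting with "Error:".
const strictRegExp = {
  successExitCodes: '0, 2',
  successRegExps: ['^(?![\\s\\S]*(?:^|\\n)Error:)[\\s\\S]*Applied catalog'],
};

console.log('exit codes   ->', falseSuccesses(byExitCode, SAMPLE_RUNS));
console.log('loose RegExp ->', falseSuccesses(looseRegExp, SAMPLE_RUNS));
console.log('strict RegExp->', falseSuccesses(strictRegExp, SAMPLE_RUNS));
```

Because the RegExp overrides the exit codes, the loose pattern accepts the run that exited 6; checking a pattern against known failing output before saving it avoids that.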

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the Puppet Open Source with Foreman property groups:
        • Puppet Master: starts with SovLabs-ForemanMaster-
        • Puppet Agent: starts with SovLabs-ForemanAgent-

        Do not attach more than 1 set of Foreman Master / Foreman Agent property groups to a blueprint

    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Puppet Open Source with Foreman property groups:
        • Puppet Master: starts with SovLabs-ForemanMaster-
        • Puppet Agent: starts with SovLabs-ForemanAgent-
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

ServiceNow CMDB

Allows customers to dynamically drive ServiceNow CMDB record creation/removal as part of server provisioning/de-provisioning

  • Adds and removes CMDB records to/from ServiceNow
  • Add and remove via Import Sets to drive additional functionality in ServiceNow
  • Validate that the OS vRA custom property is added to the vRA blueprint(s) and set to the appropriate value
  • Utilizes SovLabs Template Engine
  • Utilizes vRA properties (e.g. properties defined on the Blueprint, Compute Resource, and/or Business Group)
  • Executed during the vRA MachineProvisioned lifecycle

Prerequisites

  1. ServiceNow CMDB is properly configured
  2. ServiceNow CMDB service user account must have Web Service admin rights and rights to add/update/delete records
  3. Once the VMware ITSM plug-in is installed, change the u_vra_uid column from read only to read/write:
    1. In ServiceNow, navigate to System Definition
    2. Under Column name, search for u_vra_uid
    3. Click the cmdb_ci table from the results
    4. Uncheck Read only and Check Read/Write
    5. Click Update
  4. Login to the vRA tenant
    1. Add license for ServiceNow CMDB module
    2. Validate the following show up on the Catalog page:
      1. Add ServiceNow Endpoint
      2. Add ServiceNow CMDB

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add ServiceNow Host
    Add ServiceNow Host
    ServiceNow Endpoint

    A ServiceNow endpoint is a target ServiceNow server

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Host URL URL to ServiceNow host. Start with http or https
    Version Select the ServiceNow version
    Create credential?

    Select No to choose from existing credentials

    Select Yes to create a new credential

    Credential

    *Only shown when 'Create credential' is No

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Only shown when 'Create credential' is Yes

    Unique name for authentication.

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _
    Username

    *Only shown when 'Create credential' is Yes

    Username

    Password

    *Only shown when 'Create credential' is Yes

    User's password

  3. On the Catalog page, click on the Request button for: Add ServiceNow CMDB Configuration
    Add ServiceNow CMDB Configuration
    ServiceNow CMDB Configuration

    A ServiceNow CMDB configuration is the template for the VM

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    ServiceNow Endpoint Select the desired ServiceNow endpoint
    Use Import Set? Select whether or not to use Import Set
    Table name Select the table to add/remove records from
    Import Set Name

    *Shown only when 'Use Import Set' is Yes

    Import set name in ServiceNow
    Delete using Import Set?

    *Shown only when 'Use Import Set' is Yes

    Default - If No is selected, the record will be deleted from the database tables directly


    Advanced

    Select Yes if the u_action field is configured on the Import Set and defined in the Transform script

    Example transform script:
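    // 'source' is the incoming Import Set row
    if (source.u_action == 'delete') {
      // Select the VM records whose correlation_id matches the SovLabs ID on the row
      var vms = new GlideRecord('cmdb_ci_vm_instance');
      vms.addQuery('correlation_id', source.u_sovlabs_id);
      // Delete every matching record
      vms.deleteMultiple();
    }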

    Use predefined template?

    *Shown only when 'Use Import Set' is Yes

    Select whether or not to use a predefined template
    Predefined template name

    *Shown only when 'Use Import Set' is Yes and 'Use predefined template' is Yes

    Select appropriate template name
    JSON template Modify the JSON template accordingly
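
The example transform script above deletes every record matched by correlation_id, so a row with a blank u_sovlabs_id can match more than the intended VM. The following added example (not SovLabs or ServiceNow code) runs the page's script beside a guarded variant; `guardedTransform`, the in-memory GlideRecord stand-in and the sample records are constructed for illustration, and the stand-in assumes an empty query value matches records whose correlation_id is empty.

```javascript
'use strict';

// Constructed in-memory stand-in for ServiceNow's GlideRecord so the logic runs
// outside an instance; it implements only the four methods used below.
// Assumption: an empty query value matches records whose field is empty.
function makeFakeGlideRecord(tables) {
  function FakeGlideRecord(table) {
    this.table = table;
    this.conditions = [];
    this.rows = [];
  }
  FakeGlideRecord.prototype.matches = function (row) {
    return this.conditions.every(function (c) {
      return String(row[c.field] == null ? '' : row[c.field]) === c.value;
    });
  };
  FakeGlideRecord.prototype.addQuery = function (field, value) {
    this.conditions.push({ field: field, value: String(value == null ? '' : value) });
  };
  FakeGlideRecord.prototype.query = function () {
    this.rows = tables[this.table].filter(this.matches, this);
  };
  FakeGlideRecord.prototype.getRowCount = function () {
    return this.rows.length;
  };
  FakeGlideRecord.prototype.deleteMultiple = function () {
    var self = this;
    tables[this.table] = tables[this.table].filter(function (row) {
      return !self.matches(row);
    });
  };
  return FakeGlideRecord;
}

// The page's script, wrapped in a function so it can be exercised.
function pageTransform(source, GlideRecord) {
  if (source.u_action == 'delete') {
    var vms = new GlideRecord('cmdb_ci_vm_instance');
    vms.addQuery('correlation_id', source.u_sovlabs_id);
    vms.deleteMultiple();
  }
}

// Guarded variant (hypothetical name): refuse blank or ambiguous identifiers.
function guardedTransform(source, GlideRecord) {
  if (String(source.u_action) !== 'delete') return 'skipped';
  var id = source.u_sovlabs_id == null ? '' : String(source.u_sovlabs_id).trim();
  if (id === '') return 'refused: empty u_sovlabs_id';

  // Count the matches before deleting anything.
  var probe = new GlideRecord('cmdb_ci_vm_instance');
  probe.addQuery('correlation_id', id);
  probe.query();
  var count = probe.getRowCount();
  if (count === 0) return 'nothing to delete';
  // Assumption: one CMDB record per provisioned VM, so several matches is an error.
  if (count > 1) return 'refused: ' + count + ' records share this correlation_id';

  var vms = new GlideRecord('cmdb_ci_vm_instance');
  vms.addQuery('correlation_id', id);
  vms.deleteMultiple();
  return 'deleted';
}

// Constructed sample table: one managed VM and two records with no correlation_id.
function sampleTables() {
  return {
    cmdb_ci_vm_instance: [
      { name: 'vm-app-01', correlation_id: 'sovlabs-0001' },
      { name: 'legacy-01', correlation_id: '' },
      { name: 'legacy-02', correlation_id: '' }
    ]
  };
}

// Run one transform against a fresh copy of the table and report what is left.
function remainingAfter(transform, source) {
  var tables = sampleTables();
  var result = transform(source, makeFakeGlideRecord(tables));
  var names = tables.cmdb_ci_vm_instance.map(function (row) { return row.name; });
  return { result: result, names: names };
}

var blankRow = { u_action: 'delete', u_sovlabs_id: '' };
console.log('page script, blank id:', remainingAfter(pageTransform, blankRow).names);
console.log('guarded, blank id:    ', remainingAfter(guardedTransform, blankRow));
```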

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate ServiceNow CMDB property group (starts with SovLabs-SNowCMDB-)

        Do not attach more than 1 ServiceNow CMDB property group to a blueprint

    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the ServiceNow CMDB property group: (starts with SovLabs-SNowCMDB-)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Red Hat Satellite

The SovLabs Red Hat Satellite Module increases IT agility and speed of delivery by driving Red Hat Satellite’s software and subscription management features from a cloud consumption model. Organizations depend on Red Hat Satellite’s errata management capabilities to stay compliant with security and bugfix management.

With the SovLabs Red Hat Satellite Module organizations can now easily drive multiple Satellite subscription configurations and ensure proper registration and content deployment from Red Hat systems provisioned from vRealize Automation.

Quick start process

  1. Define Red Hat Satellite configuration(s)
  2. Apply to existing blueprint
  3. Provision!

  • Supports automatic downloading and installing Satellite CA onto a node (server with Red Hat OS)
  • Registers a node with Satellite activation key(s) during provisioning
  • Installs Katello agent on a node during provisioning
  • Option to force update a node from Satellite during provisioning
  • Unregisters a node during de-provisioning
  • Utilizes SovLabs Credential store for credential reuse between multiple configuration definitions
  • Delivers dozens to thousands of Red Hat Satellite deployment scenarios with minimal overhead via dynamic template configurations and vRA property injection, avoiding Blueprint sprawl
  • SovLabs Template Engine allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic

Prerequisites

  1. Red Hat Satellite server is properly configured
  2. Red Hat Satellite server is configured to utilize activation key(s) for registering nodes
  3. Red Hat Satellite service user account must have rights to add/update/delete content hosts
  4. Login to the vRA tenant
    1. Add license for Red Hat Satellite module
    2. Validate the following show up on the Catalog page:
      1. Add Satellite Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add Satellite Configuration
    Add Satellite Configuration
    Satellite Configuration

    A Satellite configuration is a target Red Hat Satellite server

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique endpoint name

    Satellite Hostname FQDN or IP address of Red Hat Satellite server
    Satellite Username Service account username that has permissions to the Red Hat Satellite server to add/update/delete content hosts
    Satellite Password User's password
    Satellite Organization

    Auto-populates based on valid Satellite Hostname, Satellite username and password

    Select the desired organization to register VMs to

    Activation Key(s) names or template

    List all Red Hat Satellite activation keys by name

    Can be templated: SovLabs Template Engine

    Satellite API 6 upgrade_all? Perform Satellite API 6 upgrade_all? Instructs Red Hat Satellite to update the installed RPM packages to the latest available revisions
    Credential Configuration
    Create Credential?

    Select No to choose from existing credentials

    Select Yes to create a new credential

    Credential

    *Only shown when 'Create Credential' is No

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Only shown when 'Create Credential' is Yes

    Unique name for credential.

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _
    Use SSH Key?

    *Only shown when 'Create Credential' is Yes

    Select whether or not this credential utilizes an SSH key

    Username

    *Only shown when 'Create Credential' is Yes

    Username

    Password

    *Only shown when 'Create Credential' is Yes and 'Use SSH Key' is No

    Username's password

    SSH Key

    *Only shown when 'Create Credential' is Yes and 'Use SSH Key' is Yes

    SSH Key

    SSH Key Password

    *Only shown when 'Create Credential' is Yes and 'Use SSH Key' is Yes

    SSH Key's password, if any

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the SovLabs-EnableLifecycleStubs property group
      2. Check the appropriate Red Hat Satellite property group (starts with SovLabs-Satellite-)

        Do not attach more than 1 Red Hat Satellite property group to a blueprint

    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the Red Hat Satellite property group: (starts with SovLabs-Satellite-)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

vSphere DRS

The SovLabs vSphere Dynamic Resource Scheduler (DRS) Module allows organizations to take advantage of VMware’s DRS technology to sub-divide vSphere Clusters for consumption by vRealize Automation. Utilizing the vSphere DRS host group feature, it’s possible to separate workloads onto specific host group(s) of ESXi hosts within a vSphere cluster, based on criteria such as OS type, application, or licensing restrictions without the need to create individual isolated vSphere clusters.

The SovLabs vSphere DRS Module adds additional VM deployment controls that allow organizations to meet software governance, application isolation, or performance-related goals via vRealize Automation.

Quick start process

  1. Define vCenter endpoint(s)
  2. Define DRS Profile(s)
  3. Apply to existing blueprint
  4. Provision!

  • Create and manage vSphere DRS profile configurations directly in vRA and tie them to existing blueprints to enable affinity or anti-affinity relationships between VMs provisioned and existing DRS host groups
  • Utilizes SovLabs vCenter endpoints, supporting secure credential store and multiple vCenter versions
  • Automatic cleanup of appropriate linked VM rules and groups during VM de-provisioning lifecycles
  • Allows for VM provisioning into specific pre-defined DRS host groups
  • Intuitive assignment in vRA allows for selection of vCenter, Cluster and DRS group directly from vCenter inventory
  • SovLabs DRS profiles support the following rule options between VM(s) and a given DRS host group:
    • Must run on host group
    • Should run on host group
    • Must not run on host group
    • Should not run on host group
  • Dynamically creates VM group(s) and rule(s) during VM provisioning based on the corresponding SovLabs DRS profile configuration
  • Selective Locking logic prevents duplication and collision between provisioning and de-provisioning lifecycles without sacrificing performance

Prerequisites

  1. vSphere vCenter(s) are properly configured
  2. Cluster(s) and host group(s) are properly configured
  3. Login to the vRA tenant
    1. Add license for vSphere DRS module
    2. Validate the following show up on the Catalog page:
      1. Add vCenter Endpoint
      2. Add DRS Profile
      3. Manage Credentials

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add vCenter Endpoint
    Add vCenter Endpoint
    vCenter Endpoint

    A vCenter endpoint is the target vCenter

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Choose the appropriate vCenter version
    Platform Service Controller (FQDN)

    *Only shown when 'Version' is 6+

    Type in the PSC FQDN
    Is the PSC embedded on the vCenter server?

    *Only shown when 'Version' is 6+

    Select Yes or No
    vCenter hostname (FQDN)

    *Shown when 'Is the PSC embedded on the vCenter server?' is No or 'Version' is 5.5x

    Type in the vCenter server FQDN
    Credential Configuration
    Create credential?

    Select No to choose from existing credentials

    Select Yes to create a new credential

    Credential

    *Only shown when 'Create credential' is No

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Only shown when 'Create credential' is Yes

    Unique name for authentication.

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _
    Username

    *Only shown when 'Create credential' is Yes

    Username

    Password

    *Only shown when 'Create credential' is Yes

    User's password

  3. On the Catalog page, click on the Request button for: Add DRS Profile
    Add DRS Profile
    DRS Profile

    A DRS Profile is the template for the VM

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    vCenter Endpoint Select the desired vCenter endpoint
    Cluster Select from auto-generated list of vCenter clusters when the vCenter Endpoint is selected
    Host group Select from auto-generated list of vCenter host groups when the vCenter Endpoint is selected
    Rule Select the DRS rule:
    • Must run on host group
    • Should run on host group
    • Must not run on host group
    • Should not run on host group

Usage

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Check the appropriate vSphere DRS property group (starts with SovLabs-DRS-)

        Do not attach more than 1 vSphere DRS property group to a vSphere machine blueprint

    4. Click OK
  4. Repeat Step 3 for all desired blueprints

Disable

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Hover over the desired blueprint name and click Edit
    1. Click on the blueprint vSphere machine on the Design Canvas
    2. Click on the Properties tab
    3. In the Property Groups section:
      1. Uncheck the vSphere DRS property group: (starts with SovLabs-DRS-)
    4. Click OK
  4. Repeat Step 3 for all desired blueprints

vSphere Snapshot Management

The SovLabs vSphere Snapshot Management Module enables organizations to self-manage policies to control the expiration and deletion of VMware vSphere-based VM snapshots as well as end-user notifications across existing vRA inventory per tenant or per business group directly within vRealize Automation.

Prerequisites

  1. vSphere vCenter(s) are properly configured
  2. Cluster(s) and host group(s) are properly configured
  3. Login to the vRA tenant
    1. Add license for vSphere DRS module
    2. Add license for Custom Notifications module
    3. Validate the following show up on the Catalog page:
      1. Add SovLabs vCenter Endpoint
      2. Add SovLabs vRA CAFE Endpoint
      3. Add SovLabs vRA IaaS Endpoint
      4. Add Notification Configuration
      5. Add Notification Group
      6. Add Snapshot Configuration

Setup

  1. Login to the vRA tenant
  2. On the Catalog page, click on the Request button for: Add SovLabs vCenter Endpoint
    Add vCenter Endpoint
    SovLabs vCenter Endpoint

    A vCenter endpoint is the target vCenter

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Choose the appropriate vCenter version
    Platform Service Controller (FQDN)

    *Only shown when 'Version' is 6+

    Type in the PSC FQDN
    Is the PSC embedded on the vCenter server?

    *Only shown when 'Version' is 6+

    Select Yes or No
    vCenter hostname (FQDN)

    *Shown when 'Is the PSC embedded on the vCenter server?' is No or 'Version' is 5.5x

    Type in the vCenter server FQDN
    Credential Configuration
    Create credential?

    Select No to choose from existing credentials

    Select Yes to create a new credential

    Credential

    *Only shown when 'Create credential' is No

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Only shown when 'Create credential' is Yes

    Unique name for authentication.

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _
    Username

    *Only shown when 'Create credential' is Yes

    Username

    Password

    *Only shown when 'Create credential' is Yes

    User's password

  3. On the Catalog page, click on the Request button for: Add SovLabs vRA CAFE Endpoint
    Add SovLabs vRA CAFE Endpoint
    SovLabs vRA CAFE Endpoint

    The target vRA CAFE

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Read-only field based on querying vRA CAFE
    Hostname (FQDN) Auto-generated based on querying vRA CAFE. Please verify
    Credential Configuration
    Create credential?

    Select No to choose from existing credentials

    Select Yes to create a new credential

    Credential

    *Only shown when 'Create credential' is No

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Only shown when 'Create credential' is Yes

    Unique name for authentication.

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _
    Username

    *Only shown when 'Create credential' is Yes

    Username

    Password

    *Only shown when 'Create credential' is Yes

    User's password

  4. On the Catalog page, click on the Request button for: Add SovLabs vRA IaaS Endpoint
    Add SovLabs vRA IaaS Endpoint
    SovLabs vRA IaaS Endpoint

    The target vRA IaaS

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Version Read-only field based on querying vRA IaaS
    Hostname (FQDN) Auto-generated based on querying vRA IaaS. Please verify
    Credential Configuration
    Create credential?

    Select No to choose from existing credentials

    Select Yes to create a new credential

    Credential

    *Only shown when 'Create credential' is No

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Only shown when 'Create credential' is Yes

    Unique name for authentication.

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _
    Username

    *Only shown when 'Create credential' is Yes

    Username

    Password

    *Only shown when 'Create credential' is Yes

    User's password

  5. On the Catalog page, click on the Request button for: Add Notification Configuration
    Add Notification Configuration
    Notification Configuration

    A notification configuration holds all the necessary information to send notifications

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label

    Message Server configuration
    New Message Server?

    Select Yes to create a new message server

    Select No to choose an existing message server

    Message Server

    *Only shown when 'New Message Server' is No

    Select the desired message server from a list of existing message servers
    Message server configuration label

    *Only shown when 'New Message Server' is Yes

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label for message server

    Message Server Address

    *Only shown when 'New Message Server' is Yes
    Message Server address

    Note: for a WebService, data is delivered to the web service as JSON in the request body.

    The SovLabs module does not modify the address to pass data via the URL. If the request targets a specific method, include that method in the address.

    *If the WebService address is: webserver.domain.com and the URL directive for method is: /logmessage, the resulting Message server address should be: webserver.domain.com/logmessage

    Enable SSL?

    *Only shown when 'New Message Server' is Yes

    Choose whether or not SSL is enabled on the message server
    Message Server Port

    *Only shown when 'New Message Server' is Yes

    Message Server port
    Message Server Type

    *Only shown when New Message Server is Yes

    Select whether this message server is an Email or WebService type
    Message Server HTTP Verb

    *Only shown when New Message Server is Yes and Message Server Type is WebService

    Select the HTTP Verb

    Whichever HTTP verb is selected, the data is carried in the JSON request body, and the web service must use that body to direct its behavior. The Notifications module does not add parameters to the URL.

    Message Server Protocol

    *Only shown when 'New Message Server' is Yes

    Select the appropriate protocol
    Enable credential?

    *Only shown when 'New Message Server' is Yes

    Select whether credential is enabled on the message server
    Create credential?

    Select No to choose from existing credentials

    Select Yes to create a new credential

    Credential

    *Only shown when 'Enable credential' is Yes and 'Create credential' is No

    Select the appropriate credential from an existing list of credentials

    Credential configuration label

    *Only shown when 'Create credential' is Yes

    Unique name for credential.

    *Only AlphaNumeric characters, no special characters nor spaces except: - and _
    Username

    *Only shown when 'Create credential' is Yes

    Username

    Password

    *Only shown when 'Create credential' is Yes

    Username's password

    Enable STARTTLS?

    *Only shown when 'Create credential' is Yes and 'Message Server Type' is Email

    Select whether or not to enable STARTTLS

    Network timeout Defaulted to 6000
    Email Group configuration

    *Only shown when the 'Message Server Type' is Email

    New Email Group?

    Select Yes to create a new email group

    Select No to choose an existing email group

    Email Group

    *Only shown when 'New Email Group' is No

    Select the desired email group from a list of existing email groups
    Email Group configuration label

    *Only shown when 'New Email Group' is Yes

    *Only shown when 'New Message Server' is Yes

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label for email group configuration

    To addresses

    *Only shown when 'New Email Group' is Yes

    Enter all the email addresses to send the notification to

    Can be templated: SovLabs Template Engine

    CC addresses

    *Only shown when 'New Email Group' is Yes

    Enter all the CC'ed email addresses to send the notification to

    Can be templated: SovLabs Template Engine

    BCC addresses

    *Only shown when 'New Email Group' is Yes

    Enter all the BCC'ed email addresses to send the notification to

    Can be templated: SovLabs Template Engine

    Notification configuration
    Configuration label

    *Only shown when 'New Message Server' is Yes

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label for notification configuration

    Type Select SNAPSHOT.
    State

    Select whether or not to send notifications when a new snapshot is found (NEW), when a snapshot is about to be deleted (WARNING), and/or when a snapshot has been deleted (DELETE)

    Format Select the appropriate format
    From address The address that will be sending the notification

    Can be templated: SovLabs Template Engine

    Title Notification title

    Can be templated: SovLabs Template Engine

    Body Body message.

    Can be templated: SovLabs Template Engine

    <table style="font-family: sans-serif; font-size: 14px; color: #404041; padding: 5px; border: none; border-collapse: collapse;">
                                           <tbody>
                                            <tr style="border-bottom: 3px solid #1B75BA;">
                                             <td colspan="2" style="padding-bottom: 10px;">
                                              <a href="https://sovlabs.com" target="_blank"><img src="http://bit.ly/2ozluWb" alt="SovLabs logo"></a>
                                             </td>
                                            </tr>
                                            <tr>
                                             <td colspan="2" style="font-size: 20px; font-weight: bold; padding-top: 10px; padding-bottom: 20px;">
                                          Welcome to Snapshot Management for vRA tenant {{tenant}}
                                             </td>
                                             </tr>
                                             <tr><td colspan="2" style="padding-bottom: 20px;"><p>Hello,</p><p> A new snapshot has been found for vRA tenant: <span style="color: #1B75BA ;">{{ tenant }}</span> on SovLabs vCenter endpoint: {{ iaasVcenterEndpointName }}</p></td></tr>
                                             <tr><td colspan="2" style="padding: 10px 0px 5px 0px; color: #1B75BA ; border-bottom: 2px solid #E5E5E5; font-size: 15px; font-weight: bold;">Snapshot details</td></tr>
                                             <tr><th style="text-align: left;">Virtual Machine:</th><td>{{ cafeVirtualMachineName }} </td></tr>
                                             <tr><th style="text-align: left;">Snapshot Name:</th><td>{{ snapshotName }}</td></tr>
                                             <tr><th style="text-align: left;">Snapshot Owner:</th><td>{{ ownerName }} ({{ VM_OWNER_EMAIL }})</td></tr>
                                             <tr><td colspan="2" style="padding: 30px 0px 5px 0px; color: #1B75BA ; border-bottom: 2px solid #E5E5E5; font-size: 15px; font-weight: bold;">Snapshot details</td></tr>
                                             <tr><th style="text-align: left;">Log:</th><td>{{ PROCESS_CONTENT }}</td></tr>
                                             <tr>
                                              <td colspan="2" style="padding: 50px 0px 10px 0px; font-size: 16px; font-weight: bold;">
                                          Regards,
                                          <p>SovLabs</p>
                                              </td>
                                             </tr>
                                             <tr>
                                              <td colspan="2" style="border-top: 1px solid #D5D5D5 ; font-size: 12px;">
                                               <p style="color: #808080;">*Please do not reply to this message.  All replies are routed to an unmonitored mailbox.</p>
                                              </td>
                                             </tr>
                                            </tbody>
                                          </table>
                                        
    <table style="font-family: sans-serif; font-size: 14px; color: #404041; padding: 5px; border: none; border-collapse: collapse;">
                                           <tbody>
                                            <tr style="border-bottom: 3px solid #1B75BA;">
                                             <td colspan="2" style="padding-bottom: 10px;">
                                              <a href="https://sovlabs.com" target="_blank"><img src="http://bit.ly/2ozluWb" alt="SovLabs logo"></a>
                                             </td>
                                            </tr>
                                            <tr>
                                             <td colspan="2" style="font-size: 20px; font-weight: bold; padding-top: 10px; padding-bottom: 20px;">
                                          Snapshot Management for vRA tenant {{tenant}}
                                             </td>
                                             </tr>
                                             <tr><td colspan="2" style="padding-bottom: 20px;"><p>Hello,</p><p> {{ currentState }} - for snapshot {{ snapshotName }} on {{ cafeVirtualMachineName }}.</p></td></tr>
                                             <tr><td colspan="2" style="padding: 10px 0px 5px 0px; color: #1B75BA ; border-bottom: 2px solid #E5E5E5; font-size: 15px; font-weight: bold;">Snapshot details</td></tr>
                                             <tr><th style="text-align: left;">vRA tenant:</th><td>{{ tenant }} </td></tr>
                                             <tr><th style="text-align: left;">SovLabs vCenter endpoint:</th><td>{{ iaasVcenterEndpointName }} </td></tr>
                                             <tr><th style="text-align: left;">Virtual Machine:</th><td>{{ cafeVirtualMachineName }} </td></tr>
                                             <tr><th style="text-align: left;">Snapshot Name:</th><td>{{ snapshotName }}</td></tr>
                                             <tr><th style="text-align: left;">Snapshot Owner:</th><td>{{ ownerName }} ({{ VM_OWNER_EMAIL }})</td></tr>
                                             <tr><td colspan="2" style="padding: 30px 0px 5px 0px; color: #1B75BA ; border-bottom: 2px solid #E5E5E5; font-size: 15px; font-weight: bold;">{{ currentState }} Message</td></tr>
                                             <tr><th style="text-align: left;">Log:</th><td>{{ PROCESS_CONTENT }}</td></tr>
                                             <tr>
                                              <td colspan="2" style="padding: 50px 0px 10px 0px; font-size: 16px; font-weight: bold;">
                                          Regards,
                                          <p>SovLabs</p>
                                              </td>
                                             </tr>
                                             <tr>
                                              <td colspan="2" style="border-top: 1px solid #D5D5D5 ; font-size: 12px;">
                                               <p style="color: #808080;">*Please do not reply to this message.  All replies are routed to an unmonitored mailbox.</p>
                                              </td>
                                             </tr>
                                            </tbody>
                                          </table>
                                        
  6. On the Catalog page, click on the Request button for: Add Notification Group Configuration
    Notification Group Configuration

    A Notification Group configuration holds multiple notification configurations

    Field Value
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Type Select SNAPSHOT
    Notifications Select all desired notification configurations
  7. On the Catalog page, click on the Request button for: Add Snapshot Configuration
    Snapshot Configuration

    A Snapshot configuration represents configurations for vSphere Snapshot Management

    Field Value
    vCenter Endpoints defined? Read-only field, should say "Yes". SovLabs vCenter Endpoints must be defined prior to submitting this form.
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    SovLabs vRA CAFE Endpoint Select the desired SovLabs vRA CAFE endpoint. SovLabs vRA CAFE endpoint(s) must be defined prior to submitting this form.
    SovLabs vRA IaaS Endpoint Select the desired SovLabs vRA IaaS endpoint. SovLabs vRA IaaS endpoint(s) must be defined prior to submitting this form.
    Notification Group Select the desired Notification Group. Notification Group(s) with type SNAPSHOT must be defined prior to submitting this form.
    VMs for all vRA Business Groups? Select whether or not to manage snapshots for all vRA Business Groups defined for this vRA tenant.
    Filter VMs by vRA Business Group(s)

    *Only shown when 'VMs for all vRA Business Groups?' is Yes

    Select all desired vRA Business Group(s) to manage snapshots for

    Snapshot lifespan (days) Define a snapshot's lifespan in number of days
    Expiration warning notification(s) Define when to send warning notifications in number of days from expiration
    Click "Next"
    Snapshot Scheduler
    All scheduling will be executed in the vRO instance timezone Read-only field that depicts vRealize Orchestrator's timezone. When defining a schedule for snapshot management, please convert your desired scheduled time(s) to be aligned with vRO's timezone.
    Schedule is active? Defaults to "Yes". A specific Snapshot Configuration can later be made inactive by selecting "No"; the schedule will then not run for that Snapshot Configuration.
    Schedule type Define when to run this Snapshot Configuration: Daily, Weekly, Monthly, or Run once

    Daily: hh:mm in military time

    Weekly: EEE hh:mm where EEE is Mon, Tue, Wed, Thu, Fri, Sat, Sun and hh:mm is in military time

    Monthly: dd hh:mm where dd is the day of the month 01-31 and hh:mm is in military time

    Run once: Select a specific date and time to run. Will only run once.

    Schedule end date *Optional: Select a date when to end this Snapshot Configuration scheduled task
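
The scheduler form asks for times already converted to vRO's timezone, in the Daily, Weekly and Monthly formats listed above. The following is an added example (not SovLabs code) that validates a schedule string written in local time and converts it, including the weekday or day-of-month shift; the function name, the fixed UTC offsets and the reference date are assumptions chosen for illustration.

```python
import re
from datetime import date, datetime, timedelta, timezone

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
HHMM = r"(?P<h>[01]\d|2[0-3]):(?P<m>[0-5]\d)"
PATTERNS = {  # the three formats the form documents
    "Daily": re.compile(rf"^{HHMM}$"),
    "Weekly": re.compile(rf"^(?P<d>{'|'.join(DAYS)}) {HHMM}$"),
    "Monthly": re.compile(rf"^(?P<d>0[1-9]|[12]\d|3[01]) {HHMM}$"),
}

def to_vro_schedule(kind, value, local_tz, vro_tz, ref=None):
    """Validate `value` (local time) and return the string to enter in vRO time.

    `ref` is the date used to resolve UTC offsets such as DST (default: today).
    tzinfo objects from zoneinfo.ZoneInfo work as well as fixed offsets.
    """
    match = PATTERNS[kind].match(value)
    if match is None:
        raise ValueError(f"{value!r} is not a valid {kind} schedule")
    ref = ref or datetime.now(local_tz).date()
    if kind == "Weekly":
        # Move the reference date to the requested weekday of the same week.
        ref += timedelta(days=DAYS.index(match["d"]) - ref.weekday())
    elif kind == "Monthly":
        ref = ref.replace(day=int(match["d"]))  # ValueError if month is too short
    local = datetime(ref.year, ref.month, ref.day,
                     int(match["h"]), int(match["m"]), tzinfo=local_tz)
    vro = local.astimezone(vro_tz)
    hhmm = f"{vro.hour:02d}:{vro.minute:02d}"
    if kind == "Daily":
        return hhmm
    if kind == "Weekly":
        return f"{DAYS[vro.weekday()]} {hhmm}"
    if vro.month != local.month:
        # Day numbers are not stable across month boundaries; decide by hand.
        raise ValueError("schedule crosses a month boundary in vRO time")
    return f"{vro.day:02d} {hhmm}"

# Constructed sample: administrator at UTC-5, vRO instance running in UTC.
LOCAL = timezone(timedelta(hours=-5))
VRO = timezone.utc
REF = date(2017, 6, 14)  # a Wednesday

if __name__ == "__main__":
    for kind, value in [("Daily", "22:30"), ("Weekly", "Sun 22:30"),
                        ("Monthly", "15 22:30")]:
        print(kind, value, "->", to_vro_schedule(kind, value, LOCAL, VRO, REF))
```

When real zones with daylight saving are passed in, the result depends on the reference date, so schedules should be re-checked after an offset change.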

Usage

  1. An inventory will run and send out the appropriate notifications. If a snapshot's age has met the expiration day, the snapshot is deleted automatically.
  2. Deleting the last SovLabs Snapshot Configuration also deletes the vRealize Orchestrator scheduled task for Snapshot Management

Disable

  1. Login to the vRA tenant
  2. Click on the Catalog tab
  3. Click on Manage Snapshot Scheduler:
    1. Click on the desired action (e.g. Suspend or Resume)
    2. Click Submit
  4. Repeat Step 3 for all desired blueprints

SovLabs Modules Appendix

Updating a SovLabs vRA module item

On each vRA tenant for each SovLabs module vRA item to update, perform the following steps

  1. Login to the desired vRA tenant
  2. Click on the Items tab
  3. Select the desired SovLabs module name via the left-hand menu
  4. Click on the desired SovLabs module vRA item

    Don't see the item? Find the Owned by: dropdown (next to the search bar) and select All groups I Manage

  5. Click on Actions > Update
  6. Fill out the update form fields properly
  7. Click Submit

Managing Credentials for SovLabs modules

SovLabs Credential allows authentication credentials to be stored and reused for SovLabs modules

SovLabs Credential

SovLabs Credential allows better management of credentials across blueprints and configuration items. Once a Credential is configured, it will be encrypted

Modules that use the Credential configuration will provide a dropdown list of relevant Credential configurations to choose from

A Credential is tenant-specific

Prerequisites

  • If utilizing SSH keys, have the full SSH private key readily available along with the SSH Key passphrase, if a passphrase is required
  • If using a simple login username and password, have the credentials readily available

Add a Credential

  1. Login to the desired vRA tenant
  2. Click on the Catalog tab
  3. Select the Manage Credential Configuration catalog item
  4. Fill out the request form fields properly:
    Field Value
    Create credential? Select Yes
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Type

    Type of Credential use

    Subtype

    Subtype for granular filtering

    For types other than Provisioned Node, leave blank

    Connection method Select either basic or SSH
    SSH Key used?

    *Only shown when 'Connection method' is SSH

    Select Yes to use an SSH key
    Username Username that has necessary permissions
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key Password

    *Only shown when 'SSH key used' is Yes

    SSH Key password, if any
  5. Click Submit

A SovLabs Credential does not create an Item in vRA

Update a Credential

  1. Login to the desired vRA tenant
  2. Click on the Catalog tab
  3. Select the Manage Credential Configuration catalog item
  4. Fill out the request form fields properly:
    Field Value
    Create credential? Select No
    Delete credential Select No
    Credential Select the desired credential to update
    Configuration label

    *Only AlphaNumeric characters, no spaces or special characters except: - and _

    Unique label name

    Type

    Type of credential use

    Subtype

    Subtype for granular filtering

    For types other than Provisioned Node, leave blank

    Connection method Select either basic or SSH
    SSH Key used?

    *Only shown when 'Connection method' is SSH

    Select Yes to use an SSH key
    Username Username that has necessary permissions
    Password

    *Only shown when 'SSH key used' is No

    User's password
    SSH Key

    *Only shown when 'SSH key used' is Yes

    SSH Key
    SSH Key Password

    *Only shown when 'SSH key used' is Yes

    SSH Key password, if any
  5. Click Submit

A SovLabs Credential does not create an Item in vRA

Delete a Credential

  1. Login to the desired vRA tenant
  2. Click on the Catalog tab
  3. Select the Manage Credential Configuration catalog item
  4. Fill out the request form fields properly:
    Field Value
    Create credential? Select No
    Delete credential Select Yes
    Credential Select the desired credential to delete
  5. Click Submit

Deleting a SovLabs vRA module item

On each vRA tenant for each SovLabs module vRA item to delete, perform the following steps

  1. Login to the desired vRA tenant
  2. Click on the Items tab
  3. Select the desired SovLabs module name via the left-hand menu
  4. Click on the desired SovLabs module vRA item

    Don't see the item? Find the Owned by: dropdown (next to the search bar) and select All groups I Manage

  5. Click on Actions > Delete
  6. Accept the defaults
  7. Click Submit