vRealize Automation 8 Tutorial

 vRA 8.x Tutorial

In this vRA 8 Tutorial we will cover the below initial configuration scenarios:

1) Granting user access to vRA
2) Initial vRA Infrastructure construct configuration
3) Blueprint creation


If largely unfamiliar with the vRA 8.x footprint I would suggest first reviewing the vRA 8.x basics post for a brief high level overview of vRA 8 architecture.

This article will cover the post install initial configuration tasks, for more on the installation procedure itself you can review the vRA 8.x installation post.




1) Granting user access


  • Add directory to vIDM

Authentication and the syncing of active directory users in vRA 8.x is handled by the external vIDM component. To achieve this we need to add our directory in vIDM.



  • Login to vIDM as admin user configured during install: https://<vIDMnode/LBFQDN>
  • Navigate to Identity & Access Management tab
  • Select Add Directory & populate the required directory information
  • Test connection to ensure Bind user can communicate with AD server
  • Save and Next








Here you have important settings such as:

  • Server Location - Whether you want to manually specify an AD server for vIDM to communicate with or leave it to the internal workings of DNS itself to determine this.
  • Encryption - Whether the connection to AD will leverage STARTTLS encryption by securing traffic with a certificate. (needs to already be configured on AD side)
  • Bind User - The user leveraged by vIDM to communicate with AD server (required domain admin rights)
  • Base DN - The DN from which vIDM will start its search for AD users. Best practise is to only include DN of users who will actually leverage vRA , adding root of AD DN will cause slight performance overhead of syncing users.



You can then review the attribute mapping between AD & vIDM property values.




Next we select the Groups (user member's) we want to sync from Active Directory. Specify the groups in DN(Distinguish Name) format, for example:

CN=vRAUsers,OU=ITConsumers,DC=Domain,DC=Local






Now, we select the Users we want to be added. Similar to the Group configuration it's expecting the DN format.



The last step is to review the directory settings and complete the wizard. We are then left on the directory configuration UI where settings can be reviewed, and manual directory sync can be triggered.



 The synced users and group members are now available to assign roles & permissions in the vRA UI.


To assign Permissions/Roles to the users log back in to vRA UI & navigate to Identity & Access Management.




Select the checkbox next to the user name you wish to edit and select Edit Roles





Here you can assign Organization Role and Service Roles. Organization Role is mandatory and has only 2 types Org member or Org owner, but there are many service Roles available to select.





For a more detailed breakdown on Roles and Permissions in vRA 8.x see official documentation.







2) Initial vRA Infrastructure construct configuration


  • Create Cloud Account
  • Create Cloud Zone

  • Create Project


In order to achieve a complete understanding of the logical constructs of vRA 8.x and the mapping to vRA 7.x objects before proceeding I suggest first reviewing the constructs mapping section of vRA 8.x transition guide.

Particularly useful is the Concept comparison image included below which shows maps the older 7.x constructs to the new constructs leveraged in vRA 8.x



https://docs.vmware.com/en/vRealize-Automation/8.6/vrealize-automation-transition/images/GUID-3AFE2692-3404-4E12-8C2C-96DB01B27870-low.png




Once User Access has been sorted next you are going to want to add whatever backend resource(s) that will be hosting your workload to the vRA configuration. The first step in this process will be to create our Cloud account (think endpoint in vRA 7.x terms)


Create Cloud Account



vRA 8.x uses Cloud Accounts to map to endpoints, Cloud Zones to carve out a set of resources from a Cloud Account & Project objects to determine the scope of catalog items and resources that can be requested.


  • Login to vRA as a user with Cloud Assembly Administrator Role.
  • Navigate to Cloud Assembly -> Infrastructure -> Connections -> Cloud Accounts
  • Select + Add Cloud Account
  • Select the Cloud account type (in our case vCenter Server)
  • Populate the Cloud Account information, Validate the credentials, accept the certificate & select ADD








Upon completion, we can see our added vCenter Cloud Account and view the data collection status.




Create Cloud Zone


In order to consume resources from this cloud account we will need to configure our Cloud Zone object, Cloud Zones serve a similar function to Fabric groups in vRA 7.x.

  • Navigate to  Infrastructure -> Configure -> Cloud Zones
  • Select + New Cloud Zone
  • Populate the Cloud Zone Summary information by selecting Cloud Account object, providing name & description.
  • In the Compute tab add the compute resource objects that we want this Cloud Zone to leverage.
  • In the Projects Tab select the projects that are allowed to Provision to this cloud zone.










Afterwards we can see our Cloud Zone object configured






Create Project



Next we need a Project object(Think business Group in vRA 7.x terms). Projects allow a set of users to gain access to underlying services and resources from the added cloud zones.

There is a 1:Many relationship between projects and Cloud Zones , For example a single project object can deploy to multiple cloud zones. Reservations are gone in vRA 8.x replaced instead with Constraint & Capability tagging. I intend to discuss these in a future post for but now you can review the official documentation to learn more about Tags in vRA 8.x.



  • To create the project navigate to Infrastructure ->Administration-> Projects -> + New Project
  • Populate the Summary, Users & Provisioning tabs & select Create







Now that we have our Cloud Account, Cloud Zone & Project we can begin to create blueprints and other catalogue item content for Project Members to begin requesting.








3) Blueprint creation


  • Create Flavour Mapping
  • Create Image Mapping
  • Create and Deploy Blueprint



Perhaps one of the most prominent changes from vRA 7.x is the replacement of the vRA 7.x design canvas with the Blueprint YAML creator included in vRA 8.x. Templates are represented slightly different in vRA 8.x with Flavour mappings and image mappings used to represent templates and component profile sizes(t-shirt sizes) in old vRa 7.x terms




Create Flavour Mapping



  • Navigate to: Cloud Assembly > Infrastructure > Configure > Flavor Mapping and select New Flavor Mapping.

  • Add the new Flavor name, such as Small, Medium or Large, Select Account/Region

  • Specify a Compute value.




Create Image Mapping



  • Navigate to: Cloud Assembly > Infrastructure > Configure > Image Mapping and select New Image Mapping.
  • Add the new Image name,  Select Account/Region, Template object to map image from & enter any constraint tags



Create Blueprint


  • Navigate to Cloud Assembly > Design > Blueprints > New

  • Enter a Blueprint Name, Description select a Project, and click Create. This will open the Design canvas wizard.







  • From the left-hand panel we can drag a Machine object onto our design canvas
  • This creates the basic YAML code for a cloud agnostic VM object, then we simply need to add our recently created image and flavor, so it looks like:

formatVersion: 1
inputs: {}
resources:
  Cloud_Machine_1:
    type: Cloud.Machine
    properties:
      image: 'New Image'
      flavor: 'Medium'





  • Next Select Deploy and Provide Deployment Name, Cloud template version & Description



This brings us to the deployments tab where request can be monitored

Comments

Post a Comment

Popular posts from this blog

vRealize Automation appliance services not registering

Image
Note this article covers only vRA 7.x, for vRA 8.x be sure to check out vRA 8 related articles: vRA 8.x basics vRA 8.x health check failing vRA 8.x Tutorial A common issue can be vRealize Automation appliance services not registering. This issue is typically noticed after a reboot or unplanned service outtage. The following article is intended to provide a walkthrough of troubleshooting such a scenario. Unfortunately the vRA catalina.out logfile located under /var/log/vmware/vcac can be quite cryptic in these scenario's and often just reports generic http response response codes. The service registry can be checked under the vami interface in vRA Settings -> Services tab and also via the component registry URL: https://vRAappliance/component-registry/ services / status / current Based on my experience the main offenders for vRA appliance service registry issues are as follows: Disk space. RabbitMQ  - internal messaging broker service leveraged by vRA. vIDM...
Read more

IaaS service not registering

Image
IaaS refers to the collection components installed on the Windows servers in a vRealize Automation environment. This article will focus specifically on the troubleshooting methodology applied when this IaaS service is not registering on the vRA appliances, I intend to create a separate post at a later date to focus solely on the purpose of each individual IaaS component. See vRA Management agents explained article for further explanation specifically for IaaS Management Agent components. The Problem The IaaS service registry status can be viewed in the Services tab of the VAMI interface or at the vRA appliance component service registry health check URL. https://vRA:5480 https://vRA/ component-registry/services/status/ current   Typically, IaaS service registry issues will be noticed here first. Other common symptoms of IaaS service registry issues include problems accessing the Infrastructure tab or general provisioning/data collection failures. ...
Read more

vRA 7.x Certificate Replacement Process

Image
  vRA 7.x Certificate Replacement Process Certificate for component "website" on node "<node name>" will expire on <date> Certificate for component "ManagerService" on node "<node name>" will expire on <date> Seeing the above message in your vRA vami interface, that means its time to replace your vRA ssl certificates. This post will cover the vRA 7.x cert replacement process. Certificate Management in vRA 7.x has been simplified and is all performed from the Certificates tab of the VAMI interface: https:<vRAFQDN>:5480 -> vRA -> Certificates A distributed vRA will have three main certificate components: vRA cert itself IaaS web certificate IaaS manager certificate !! In a simple install with a single IaaS web server the Manager and Web component will share the same certificate!! You have two options when choosing a certificate: Self-signed certificate generated by vRA itself Certificate Authority Signed certif...
Read more