Automating vCAC (vCloud Automation Center) 6.0 Identity & Appliance configurations

vCloud Automation Center (vCAC) 6.0 was released a couple of weeks ago and I have been wanting to give it a spin in my lab, especially given the new architecture and distribution form factors (Virtual Appliances + Windows). vCAC 6.0 is now comprised of three core components: Identity VA (standalone Single-Sign On Server), vCAC VA and IaaS which is still based on Microsoft .NET and will still require a Windows Server. Given the first two components are Virtual Appliances, my first intuition was to automate the configuration so I would not have to manually go through the various configuration screens using the VAMI interface.

Note: For new users of vCAC that want to get up running and fast, I highly recommend checking out Kendrick Coleman's fantastic vCAC 6.0 installation blog article series which includes step-by-step instructions and screenshots. Jad El-Zien, a Principal Engineer for VMware also has a nice collection of vCAC 6.0 installation videos but is based off of an earlier vCAC 6.0 beta (there are some things that have changed) that you can also check out if you prefer watching a video.

I initially started out with the VAMI since I have never worked with vCAC before. While the Virtual Appliances were getting configured I was also paying close attention to the logs that were being generated and the contents gave me an idea this was possible. I would also like to thank some of the folks from the vCAC Engineering team who helped answered a couple of my questions that had me stuck for a couple of days. Reverse engineering can only take you so far ... at least if you want an answer relatively quickly 😉

To that, I have created two shell scripts which will fully automate the configuration of both the vCAC Identity VA as well as the vCAC VA without any additional user interaction. The first script that we will take a look at is called configureVCACIdentity.sh and it there are a couple of variables you will need to edit before running the script. The script makes primarily make uses of the following CLI commands within the vCAC VA:

• /opt/vmware/share/vami/custom-services/bin/vami
• /opt/vmware/share/vami/vami_set_timezone_cmd
• /usr/lib/vmware-identity-va-mgmt/firstboot/vmware-identity-va-firstboot.sh
• /opt/likewise/bin/domainjoin-cli

Here are the variables and their corresponding descriptions:

VCAC_SSO_PASSWORD - Password for SSO Administrator account
VCAC_SSO_HOSTNAME - Hostname of Identity VA (FQDN)
TIMEZONE - Timezone to configure the VA (complete list in /usr/share/zoneinfo)
NTP_SERVERS - NTP Servers (comma separated list)
JOIN_AD - 1 or 0 which determines if you want to join Active Director Domain
AD_DOMAIN - AD Domain Name
AD_USERNAME - AD Username
AD_PASSWORD - AD Password

Here is an example of running the configureVCACIdentity.sh script:

To reduce the amount of output on the screen, there is a detailed log file called vghetto-vcac-id.log that is generated by the script and can be found in the home directory of the root account when logging in via SSH.

You can verify everything was successfully configured by logging into the vCAC Identity VA by going to the VAMI URL: https://[VCAC-IDENTITY-VA-HOSTNAME]:5480

The second script is called configureVCACVA.sh which will configure and setup the vCAC VA. It performs a number of operations including generating a Self-Signed SSL Certificate and connecting to the vCAC Identity VA and licensing the vCAC VA which is required before moving onto the installation of the IaaS component. The vCAC service takes a couple of minutes to fully initialize and you will notice the script will sleep for 5 minutes which is approximately how long it takes before performing the final task of licensing vCAC. The script makes primarly make uses of the following CLI commands within the vCAC VA:

• /opt/vmware/share/vami/vami_set_timezone_cmd
• /usr/bin/openssl
• /usr/java/jre-vmware/bin/keytool
• /usr/sbin/vcac-config
• /usr/sbin/vcac-vami

Here are all the variables you will need to edit before running the script. 

VCAC_SSO_SERVER - Hostname of Identity VA (FQDN)
VCAC_SSO_PASSWORD - Password for SSO Administrator account
VCAC_VA_HOSTNAME - Hostname of vCAC VA (FQDN)
NTP_SERVERS - NTP Servers (comma separated list)
TIMEZONE - Timezone to configure the VA (complete list in /usr/share/zoneinfo)
SSL_CERT_ORGANIZATION - Self-Sign SSL Cert organization name
SSL_CERT_ORGANIZATION_UNIT - Self-Sign SSL Cert organization unit name
SSL_CERT_COUNTRY - Self-Sign SSL Cert country
SSL_CERT_STATE - Self-Sign SSL Cert state
SSl_CERT_CITY - Self-Sign SSL Cert city
SSL_CERT_EMAIL - Self-Sign SSL Cert email address
VCAC_LICENSE_KEY - vCAC license key

Here is an example of running the configureVCACVA.sh script:

To reduce the amount of output on the screen, there is a detailed log file called vghetto-vcac-va.log that is generated by the script and can be found in the home directory of the root account when logging in via SSH.

You can verify everything was successfully configured by logging into the vCAC Identity VA by going to the VAMI URL: https://[VCAC-VA-HOSTNAME]:5480

Once you have finished configuring both vCAC Identity VA and vCAC VA you will now be able to login to the vCAC VA portal by going to the following URL: https://[VCAC-VA-HOSTNAME]/shell-ui-app/

In just under 10 minutes you can have a fully configured a vCAC Identity VA and vCAC VA without having to go through multiple configuration screens using the VAMI interface. This is also great for unattended deployments or POC (Proof of Concepts) to quickly standup two out of the three core components for vCAC. I am sure for folks that are more familiar with Windows can probably even automate the IaaS component installation of vCAC, however be aware that also has some additional dependencies such as installing a particular version of .NET and SQL Server. I will leave that automation as a task for the reader 😉

UPDATE (12/23/13) - Take a look at this article for automating vCAC IaaS + SQL Server installation.