WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple
You are here: Home / Automation / Automating vRealize Automation 7 Minimal Install: Part 4 - vRA IaaS Configuration

Automating vRealize Automation 7 Minimal Install: Part 4 - vRA IaaS Configuration

02.17.2016 by William Lam // 14 Comments

If you have been following the blog series thus far, we have covered deploying the vRA 7 Virtual Appliance, installing the vRA IaaS Management Agent on a Microsoft Windows system which will run the various IaaS components and then finally configuring the vRA Virtual Appliance which includes setting up the VMware Identity Manager (Horizon SSO). Before proceeding to the vRA IaaS installation, you will need to make sure that you have completed all three of steps above.

In addition, there are some other prerequisites (more details here) that are required on the Microsoft Windows system in which you plan to install the vRA IaaS components, namely an instance of Microsoft SQL Server running and various Windows configuration tweaks required by the installers. I will not be covering the installation of the DB, so this will be something you will need to either manually install or automate using a silent installer for SQL Server. For the pre-checks, although this is also not covered in the script, I will show you how you can run the same tool on the Windows system like you would using the new vRA 7 Guided Wizard. The tool will identify any configuration issues found and then also allow you to easily remediate them within the tool, which is an awesome feature in my opinion.

You can find the vRA IaaS Pre-req Checker tool on the vRA Appliance under the following path:

/opt/vmware/share/htdocs/service/iaas/download/PrereqChecker.zip

You will then need to SCP the PrereqChecker.zip file onto your Windows system that you plan to run the vRA IaaS components. Next, extract the contents of the zip and launch the PrereqChecker.exe. Before clicking on the "Run Checker" button, make sure you have enabled the IIS role, else the tool can not run all prechecks. The instructions are located to the right of the screen and once that has been completed, you can then run the precheck tool. For any issues that have been identified, you can remediate by clicking on the "Fix Issue" button. Once all prechecks have passed, you can then move onto the vRA IaaS installation.

automate-vrealize-automation-7-iaas-comonents
Note: I was a bit surprised to see that the PrereqChecker.zip could not be downloaded directly from the vRA Appliance like the other installers by simply opening a browser to the following URL:

https://[VRA-HOSTNAME]:5480/installer/PrereqChecker.zip

It turns out there an index.py script which defines which files can be downloaded without authentication. If you wish to change this behavior, you can run the following snippet on the vRA Appliance and then you can download the zip file directly from the browser which can be useful from an automation standpoint.

sed -i "s/'DBUpgrade.zip'/'DBUpgrade.zip','PrereqChecker.zip'/g" /opt/vmware/share/htdocs/service/iaas/index.py

If you have made it to this point, we are now ready to get our automation on! We will be installing the following vRA IaaS components which are listed below onto the Windows system which has the vRA IaaS Management Agent running.

  • SSL Certificate for Web and Manager Service
  • Database
  • Web API (WAPI) Service
  • Manager Service
  • DEM Orchestrator
  • DEM Worker
  • vSphere Agent

The automation will be completely driven from within the vRA Virtual Appliance using the configurevRA-IaaS.sh shell script. This is possible because we had deployed the vRA IaaS Management Agent earlier which will act as a proxy for all component installations. There are 9 variables that you will need to edit prior to running the script and you can find their descriptions below.

Variable Description
HORIZON_SSO_PASSWORD SSO Password that you had configured earlier
VRA_IAAS_HOSTNAME Hostname of the Windows system running vRA IaaS Components
VRA_IAAS_USERNAME Username for the Windows system
VRA_IAAS_PASSWORD Password for the Windows system (e.g. vra-iaas\administrator)
VRA_DATABASE_HOSTNAME Hostname of the Windows system running SQL Server (should be same as vRA IaaS system)
VRA_DATABASE_NAME Database name
VRA_DATABASE_USERNAME Database username (assumes Windows Auth)
VRA_DATABASE_PASSWORD Database password (assumes Windows Auth)
VRA_DATABASE_SECURITY_PASSPHRASE Security passphrase

Once you have saved your changes, you can then run the script on the vRA Appliance as shown in the screenshot below. All verbose output is stored in /var/log/vra-iaas-configuration.log and you will be able to see the high level operations displayed in the console. The entire process can take anywhere from 10-20 minutes depending on your environment and what you will looking for are the "INSTALLED SUCCESSFULLY" messages which I have highlighted in green below. If you have met all prereqs, you should not run into any issues but if you do, the script will output the specific errors from each of the installers.

automate-configuration-vra-iaas
Once the script has completed, you will now have a fully functional vRA 7 deployment which includes both the vRA Appliance as well as the vRA IaaS components! I would also like to give a big thanks to both Kim Delgado for connecting me with some of the vRA Engineering folks as well as a huge thanks to Dora L. from the vRA Engineering for assisting me with parts of the IaaS installation.

  • Automating vRealize Automation 7 Minimal Install: Part 1 - vRA Appliance Deployment
  • Automating vRealize Automation 7 Minimal Install: Part 2 - vRA IaaS Agent Deployment
  • Automating vRealize Automation 7 Minimal Install: Part 3 - vRA Appliance Configuration
  • Automating vRealize Automation 7 Minimal Install: Part 4 - vRA IaaS Configuration

More from my site

  • Automating vRealize Automation 7 Minimal Install: Part 3 - vRA Appliance Configuration
  • Automating vRealize Automation 7 Minimal Install: Part 2 - vRA IaaS Agent Deployment
  • Automating vRealize Automation 7 Minimal Install: Part 1 - vRA Appliance Deployment
  • New SDDC Certificate Replacement Fling
  • Automating vRealize stack based on VVD using new vRealize Suite Lifecycle Management

Categories // Automation, vRealize Suite Tags // vcac-config, vRA 7, vRealize Automation

Comments

  1. *protectedSarika says

    02/17/2016 at 9:35 pm

    Thanks for the post.
    However, I am facing an error while executing this scipt..

    Installation logs will be stored at /var/log/vra-iaas-configuration.log
    Generating Certificate Signing Request ...
    Generate Certificate Signing Request failed.

    In vra-iaas-configuration.log,

    web is the first component selected for Certificate generation
    Selected path to store certificates: /root/certs
    Generating Certificate Signing Request
    PK_LENGTH=4096; PK_ENCRYPTION=RSA; CERT_SIGNATURE_ALG=sha256
    Generating RSA private key, 4096 bit long modulus
    .................................................++
    ............................................................................................................................++
    e is 65537 (0x10001)
    problems making Certificate Request
    140138800137896:error:0D07A098:asn1 encoding routines:ASN1_mbstring_ncopy:string too short:a_mbstr.c:151:minsize=1

    Please suggest some solution.

    Reply
    • *protectedDARREN PHILLIPS says

      06/08/2016 at 7:00 am

      Hi

      I hit a similar problem which I got round by changing

      generate_cert_cfg ${@:2}

      to

      generate_cert_cfg ${@}

      Basically the variables were not being picked up in the right order in the web.cfg file.

      BTW William, thanks for the work, brilliant as always.

      Reply
  2. *protectedIamsrk says

    02/19/2016 at 3:03 am

    Will this script work if my database is on another machine (different from IaaS)?

    Reply
    • William Lam says

      02/19/2016 at 6:39 am

      It should, but its not something I've personally tested. There's a separate variable in the script that specifies your DB system, so you can just specify that assuming you meet all the pre-reqs

      Reply
      • *protectedIamsrk says

        02/25/2016 at 2:06 am

        My database is on another machine (not on IaaS itself). I changed the VRA_DATABASE_HOSTNAME variable accordingly. Database is getting created. But script fails during install_web operation with following error in vCAC-Config.log file
        System.Data.Services.Client.DataServiceTransportException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

        Reply
        • *protectedSarika says

          03/08/2016 at 9:53 pm

          I am facing the same issue!
          Please help.

          Reply
          • *protectedBrenda Swarts says

            04/06/2016 at 8:54 pm

            I'm facing the same issue trying to install vRA 6.2.4. Has their been any resolution?

  3. *protectedSylar says

    02/19/2016 at 7:22 am

    Hi William,

    When i have used same value from script for web and MS Certificate, i am able to go to next steps but iaas component installation failed with below error

    :Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

    Please suggest.

    Reply
  4. *protectedppatil29 says

    03/10/2016 at 10:07 pm

    I am also facing same trust relationship issue...

    Could not establish trust relationship for the SSL/TLS secure channel. —> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

    Please suggest.

    Reply
  5. William Lam says

    03/11/2016 at 7:33 am

    For folks running into the "SSL/TLS secure channel. —> System.Net.WebException:" error, are you all running the VRA's SQL Database on a separate system? Given this is not a scenario I've personally tested, its possible additional configurations maybe required. I'll see if I can get someone from Engineering to help take a look but no promises

    Reply
    • *protectedppatil29 says

      03/14/2016 at 12:04 am

      Thanks William.
      We are using external database for vRA7 setup.
      Let us know if you/your team get some solution.

      Reply
  6. *protected@alexanderjn says

    03/21/2016 at 11:40 am

    One note on the statement "You will then need to SCP the PrereqChecker.zip file onto your Windows system that you plan to run the vRA IaaS components."

    You can also access it via https, https:// :5480/service/iaas/download/PrereqChecker.zip

    Reply
    • *protected@alexanderjn says

      03/21/2016 at 11:41 am

      note: it will require authorization to download

      Reply
  7. *protectedBrenda Swarts says

    04/06/2016 at 8:48 pm

    I'm experiencing the same SSL/TLS error with vRA 6.2.4. Same scenario.

    Reply

Thanks for the comment!Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025
  • vCenter Identity Federation with Authelia 04/16/2025
  • vCenter Server Identity Federation with Kanidm 04/10/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...