In Part 3 of this blog series, we will now move onto configuring the vRA Appliance which includes setting up the VMware Identity Manager (Horizon SSO). There are two mandatory variables that you will need to edit prior to executing the configurevRA-Appliance.sh shell script. In addition, there are few optional variables that you can also configure which includes specifying a license key for vRA.
Variable | Description | Required |
---|---|---|
HORIZON_SSO_PASSWORD | SSO Password | Yes |
NTP_SERVER | NTP Server | Yes |
VRA_LICENSE_KEY | vRA license key | No |
VRA_SSL_CERT_COUNTRY | SSL cert | No |
VRA_SSL_CERT_STATE | SSL cert State | No |
VRA_SSL_CERT_ORG | SSL cert Org | No |
VRA_SSL_CERT_ORG_UNIT | SSL cert OU | No |
Once you have saved the changes to the script, you will need to run the script directly on the vRA Appliance. You can do so by uploading the script (SCP) to the vRA Appliance and then running it locally. If you prefer to run it remotely, you can leverage any existing SSH tools or if you prefer a Windows solution, something like plink or leveraging the vSphere Guest Operations API by using PowerCLI's Invoke-Guest cmdlet. By default, the script outputs all the verbose logging into /var/log/vra-appliance-configuration.log if you would like to get more details or perform some troubleshooting.
Here is an example of running the script locally on the vRA Appliance:
The script can take up to several minutes to configure and the high level steps are outputted to the screen console. Once the script has successfully completed, you can verify that everything is properly configured by logging into the Horizon SSO interface by opening a browser to the following URL: https://[VRA-APPLIANCE]/vcac which is also displayed in the output. You will login using "administrator" and the SSO password you had selected earlier. If you get a 404 when getting to the /vcac URL, you may just need to give it another 30 seconds and then refresh the page.
If you did not specify a vRA license, once logged in, you should see an "Invalid License" message. If you did specify a license, then you should see the vRA web interface as shown in the screenshot below. In case you get some strange errors after successfully logging in, you may need to wait a few minutes while the system finish initializing and then re-log back in.
In our fourth and final part of the blog series, we will tackle automating the the vRA IaaS Windows components from the vRA Appliance itself. This will include setting up the SSL certificates for both the Web/Manager Service and the installation of Web/Manager Service, Database, DEM Orchestrator, DEM Worker and vSphere Agent. Stay tuned!
- Automating vRealize Automation 7 Minimal Install: Part 1 - vRA Appliance Deployment
- Automating vRealize Automation 7 Minimal Install: Part 2 - vRA IaaS Agent Deployment
- Automating vRealize Automation 7 Minimal Install: Part 3 - vRA Appliance Configuration
- Automating vRealize Automation 7 Minimal Install: Part 4 - vRA IaaS Configuration
Brian D says
William, Hi, Thanks for sharing these scripts, they are useful time savers.
Laura says
Hi William,
Thanks for your sharing.
I am new to vRA, and I am tring to use your script for vRA7.1.0 automation.
Following your scripts in part1 and part2, succeed to deploy vra appliance ova and vra iaas agent. In part3, when executing this script in vra appliance vm, all seems ok except restart service for apach2.(./configurevRA-Appliance.sh: line 62: /etc/init.d/apache2: No such file or directory). There is no apach2 service in vra7.1.0 under /etc/init.d, which is different from vra7.0.
When opening a browser to the following URL: https://[VRA-APPLIANCE]/vcac then input sso account, it shows initialize error.
Could you provide some help about how to debug and fix this issue? Thanks for your help!
laura says
The problem is fixed. It's due to problems which need to be fixed in prerequisites checker phase. Thanks for the sharing, it helps a lot.