I love writing automation, especially for deploying a consistent and repeatable environment for testing or learning purposes. I recently deployed the latest Aria Suite Lifecycle Manager 8.14 (formally vRealize Suite Lifecycle Manager or vRSLCM) manually using the graphical Easy Installer method, which was easy and straight forward.
Unlike the vCenter Server Appliance (VCSA) installer, which includes both a UI and CLI option, the latter for automation purposes. I found that ASLCM only provides an interactive UI method for deployment and I was interested in an automated solution. Similar to the VCSA installer, the extracted contents of the ASLCM ISO is the installer and OVA image, so I figured I could just deploy using PowerCLI and I could start playing with ASLCM!
Automating the ASLCM OVA deployment was trivial, but what I discovered was that there was different behavior between using the Easy Installer versus just deploying the OVA and powering it on. I observed that I was not able to login using the password that I had set in the OVF properties for the admin@local user ...
Long story short, I eventually realized that the Easy Installer was also performing the default password change for admin@local user, which typically is not required for most VMware appliances as you can define that as part of the OVF properties. I am not sure why it was designed to have a "default" password rather than just setting it up right from the beginning.
In any case, after observing how the ASLCM appliance was configured, I was able to create a fully automated deployment script for ASLCM using the OVA and it would ensure that it was ready before initiating the default password change using ASLCM APIs.
$vCenterServerFQDN = "FILL_ME_IN"
$vCenterUsername = "FILL_ME_IN"
$vCenterPassword = "FILL_ME_IN"
$VMFolder = "Workloads"
$VMCluster = "Supermicro-Cluster"
$VMNetwork = "VM Network"
$VMDatastore = "sm-vsanDatastore"
$VMNetmask = "255.255.255.0"
$VMGateway = "192.168.30.1"
$VMDNS = "192.168.30.2"
$VMNTP = "pool.ntp.org"
$VMDomain = "primp-industries.local"
# Aria Suite Lifecycle Manager Configurations
$AriaSuiteLifecycleHostname = "aria-lcm"
$AriaSuiteLifecycleIP = "192.168.30.91"
$AriaSuiteLifecycleRootPassword = "VMware1!"
$AriaSuiteLifecycleAdminPassword = "VMware1!"
$AriaSuiteLifecycleOVA = "/Volumes/Storage/Software/VMware-Aria-Suite-Lifecycle-Installer-22630473/vrlcm/VMware-Aria-Suite-Lifecycle-Appliance-8.14.0.4-22630472.ova"
### DO NOT EDIT BEYOND HERE ###
$AriaSuiteLifecycleFQDN = "${AriaSuiteLifecycleHostname}.${VMDomain}"
Write-Host "Connecting to vCenter Server ..."
Connect-VIServer -Server $vCenterServerFQDN -User $vCenterUsername -Password $vCenterPassword | Out-Null
$ovfconfig = Get-OvfConfiguration $AriaSuiteLifecycleOVA
$networkMapLabel = ($ovfconfig.ToHashTable().keys | where {$_ -Match "NetworkMapping"}).replace("NetworkMapping.","").replace("-","_").replace(" ","_")
$ovfconfig.NetworkMapping.$networkMapLabel.value = $VMNetwork
$ovfconfig.common.vami.hostname.value = $AriaSuiteLifecycleFQDN
$ovfconfig.vami.VMware_Aria_Suite_Lifecycle_Appliance.ip0.value = $AriaSuiteLifecycleIP
$ovfconfig.vami.VMware_Aria_Suite_Lifecycle_Appliance.netmask0.value = $VMNetmask
$ovfconfig.vami.VMware_Aria_Suite_Lifecycle_Appliance.gateway.value = $VMGateway
$ovfconfig.vami.VMware_Aria_Suite_Lifecycle_Appliance.DNS.value = $VMDNS
$ovfconfig.vami.VMware_Aria_Suite_Lifecycle_Appliance.searchpath.value = $VMDomain
$ovfconfig.common.varoot_password.value = $AriaSuiteLifecycleRootPassword
$ovfconfig.common.va_ssh_enabled.value = "True"
$ovfconfig.common.va_firstboot_enabled.value = "True"
$ovfconfig.common.va_telemetry_enabled.value = "False"
$ovfconfig.common.va_fips_enabled.value = "False"
$ovfconfig.common.va_ntp_servers.value = $VMNTP
$datastore = Get-Datastore -Server $viConnection -Name $VMDatastore | Select -First 1
$cluster = Get-Cluster -Server $viConnection -Name $VMCluster
$vmhost = $cluster | Get-VMHost | Get-Random -Count 1
$vmfolder = Get-Folder -Name $VMFolder
Write-Host "Deploying Aria Suite Lifecycle Manager OVA ..."
$vm = Import-VApp -Source $AriaSuiteLifecycleOVA -OvfConfiguration $ovfconfig -Name $AriaSuiteLifecycleHostname -Location $VMCluster -VMHost $vmhost -Datastore $datastore -DiskStorageFormat thin -InventoryLocation (Get-Folder $VMFolder)
$vm | Start-Vm -RunAsync | Out-Null
Disconnect-VIServer * -Confirm:$false | Out-Null
Write-Host "Waiting for Aria Suite Lifecycle Manager to be ready ..."
while(1) {
try {
$requests = Invoke-WebRequest -Uri "https://$($AriaSuiteLifecycleFQDN)/lcm/bootstrap/api/status" -Method GET -SkipCertificateCheck -TimeoutSec 5
if($requests.StatusCode -eq 200) {
Write-Host "Aria Suite Lifecycle Manager is now ready!"
break
}
}
catch {
Write-Host "Aria Suite Lifecycle Manager is not ready yet, sleeping for 5 minutes ..."
sleep 300
}
}
$json = @{
"username" = "admin@local"
"password" = $AriaSuiteLifecycleAdminPassword
}
$body = $json | ConvertTo-Json -Depth 2
$pair = "admin@local:vmware"
$bytes = [System.Text.Encoding]::ASCII.GetBytes($pair)
$base64 = [System.Convert]::ToBase64String($bytes)
$headers = @{
"Authorization"="basic $base64"
"Content-Type"="application/json"
"Accept"="application/json"
}
Write-Host "Changing default password for admin@local user ..."
$requests = Invoke-WebRequest -Uri "https://$($AriaSuiteLifecycleFQDN)/lcm/authzn/api/firstboot/updatepassword" -Method PUT -SkipCertificateCheck -TimeoutSec 5 -Headers $headers -Body $body
if($requests.StatusCode -eq 200) {
Write-Host "admin@local password change successful!"
} else {
Write-Error "Failed to change default password"
}
Write-Host -ForegroundColor Green "You can now login to Aria Suite Lifecycle Manager https://$($AriaSuiteLifecycleFQDN)/login`n"
Here is a screenshot of running the script above once the default password has been changed, you can then login by opening a browser to https://[FQDN_ASLCM/login as directed in the console output of the script using the default admin@local user account:
and there you have it, automated deployment of ASLCM along with the default password configured similar to using the Easy Installer UI!
This automation is actually part of a more comprehensive project that I am currently working on with the rest of the Aria products, so stay tuned for more details!
William are you aware of any way to assign admin@local permissions to a vidm user? I only ever login to LCM to do admin tasks, but every time I go from vidm to LCM I have to then logout and then log back in as admin@local to get access to all the settings.
https://old.reddit.com/r/vmware/comments/1c04e2u/aria_suite_lifecycle_give_a_user_the_same/?
Hi William.. Is there any way we can remove a particular environment from LCM to make it standalone (in our case it is sandbox env)