WilliamLam.com

Automating vRealize Automation 7 Minimal Install: Part 3 - vRA Appliance Configuration

by // 3 Comments

In Part 3 of this blog series, we will now move onto configuring the vRA Appliance which includes setting up the VMware Identity Manager (Horizon SSO). There are two mandatory variables that you will need to edit prior to executing the configurevRA-Appliance.sh shell script. In addition, there are few optional variables that you can also configure which includes specifying a license key for vRA.

Variable Description Required
HORIZON_SSO_PASSWORD SSO Password Yes
NTP_SERVER NTP Server Yes
VRA_LICENSE_KEY vRA license key No
VRA_SSL_CERT_COUNTRY SSL cert No
VRA_SSL_CERT_STATE SSL cert State No
VRA_SSL_CERT_ORG SSL cert Org No
VRA_SSL_CERT_ORG_UNIT SSL cert OU No

Once you have saved the changes to the script, you will need to run the script directly on the vRA Appliance. You can do so by uploading the script (SCP) to the vRA Appliance and then running it locally. If you prefer to run it remotely, you can leverage any existing SSH tools or if you prefer a Windows solution, something like plink or leveraging the vSphere Guest Operations API by using PowerCLI's Invoke-Guest cmdlet. By default, the script outputs all the verbose logging into /var/log/vra-appliance-configuration.log if you would like to get more details or perform some troubleshooting.

Here is an example of running the script locally on the vRA Appliance:

automate-vra7-appliance-configuration-3
The script can take up to several minutes to configure and the high level steps are outputted to the screen console. Once the script has successfully completed, you can verify that everything is properly configured by logging into the Horizon SSO interface by opening a browser to the following URL: https://[VRA-APPLIANCE]/vcac which is also displayed in the output. You will login using "administrator" and the SSO password you had selected earlier. If you get a 404 when getting to the /vcac URL, you may just need to give it another 30 seconds and then refresh the page.

automate-vra7-appliance-configuration-0
If you did not specify a vRA license, once logged in, you should see an "Invalid License" message. If you did specify a license, then you should see the vRA web interface as shown in the screenshot below. In case you get some strange errors after successfully logging in, you may need to wait a few minutes while the system finish initializing and then re-log back in.

automate-vra7-appliance-configuration-2
In our fourth and final part of the blog series, we will tackle automating the the vRA IaaS Windows components from the vRA Appliance itself. This will include setting up the SSL certificates for both the Web/Manager Service and the installation of Web/Manager Service, Database, DEM Orchestrator, DEM Worker and vSphere Agent. Stay tuned!

How to limit the number "Logical" CPUs in ESXi?

by // 13 Comments

Last week I received a very strange customer inquiry in which they would like to limit the number of physical CPU sockets seen by ESXi. As you can imagine, my interest was piqued as this is usually not the type of request you hear from customers looking to actively reduce the overall computing power of their underlying hardware, especially if they have paid for it. After digging into the details a bit more, it turns out this is related to licensing.

The customer is running an application on a VM which is licensed by the total number of underlying physical CPU sockets of the server, regardless if they are actively being used by the application or not. The vendor shall be left nameless but I am sure some of you can make some educated guesses 🙂 The customer was in the process of performing a hardware refresh where they would be moving from a 4 socket CPU to an 8 socket CPU and they would be negatively impacted by this change from a licensing standpoint. I can understand their concerns, they have now just doubled their application licensing cost without actually benefiting from the actual hardware update.

Unfortunately, after a bit more research, I found that it is not possible to reduce or limit the number of physical CPU sockets from ESXi. The only capability that we do have today around this topic is to limit the number of Logical CPUs that ESXi can see. This capability is exposed as an ESXi Advanced Setting called VMkernel.Boot.maxPCPUS and by default, this is set to unlimited as you would expect. What this setting does is takes the total number of logical CPUs that you wish to expose to ESXi and then evenly distributes that across your physical CPU Sockets as best as it can.

You can change this setting using a variety of methods including the vSphere Web Client, vSphere C# Client, ESXi Embedded Host Client, vSphere API which includes ESXCLI & PowerCLI. One alternative which I have seen some postings online about which is the ability to turn off specific CPU sockets for certain hardware platforms by using the system BIOs, having said that, I have not actually seen any real confirmation that this is in fact possible.

Below are screenshots using the vSphere C# & ESXi Embedded Host.

limit-maximum-physical-cpu-in-esxi-0

limit-maximum-physical-cpu-in-esxi-1
If you prefer to to use the CLI either locally or remotely, you can run the following ESXCLI commands:

List the current configurations

esxcli system settings kernel list -o maxPCPUS

Set a new configuration

esxcli system settings kernel list -s maxPCPUS -v 4

limit-maximum-physical-cpu-in-esxi-2

Automating vRealize Automation 7 Minimal Install: Part 2 - vRA IaaS Agent Deployment

by // 2 Comments

In Part 2 of this blog series, we will be looking at automating the installation of the vRA IaaS Management Agent which needs run on a Microsoft Windows system. The IaaS Management Agent installer is provided through the vRA Appliance which you can downloaded by opening a browser to the following URL:

https://[VRA_APPLIANCE_HOSTNAME]:5480/installer/download/vCAC-IaaSManagementAgent-Setup.msi

When installing the agent, you will need to provide information about the vRA Appliance that you wish to register the IaaS Management Agent with. The following Powershell script called installvRAIaaSAgent.ps1 will automatically download the vRA Iaas Management Agent from the vRA Appliance and then perform a silent installation. There are 5 mandatory variables that you will need to edit before running the script and the table below describes each of their functions:

Variable Description
VRA_APPLIANCE_HOSTNAME  Hostname or IP of vRA Appliance
VRA_APPLIANCE_USERNAME  Username of vRA Appliance (default: root)
VRA_APPLIANCE_PASSWORD  Password of vRA Appliance
VRA_APPLIANCE_AGENT_DOWNLOAD_PATH  Path to store vRA Agent (optional)
VRA_APPLIANCE_AGENT_INSTALL_LOG  Path to store vRA Agent install logs (optional)
VRA_IAAS_SERVICE_USERNAME OS username to the vRA IaaS Windows System
VRA_IAAS_SERVICE_PASSWORD OS password to the vRA IaaS Windows System

Here is an example of running the script on my vRA IaaS Windows system:

automating-vrealize-automation-7-iaas-agent
In the final part of this series we will take a look at automating the configuration of both the vRA Appliance which includes Horizon SSO and the vRA IaaS Windows system which includes the various IaaS components.