WilliamLam.com

Automating vRealize Automation 7 Minimal Install: Part 4 - vRA IaaS Configuration

by // 14 Comments

If you have been following the blog series thus far, we have covered deploying the vRA 7 Virtual Appliance, installing the vRA IaaS Management Agent on a Microsoft Windows system which will run the various IaaS components and then finally configuring the vRA Virtual Appliance which includes setting up the VMware Identity Manager (Horizon SSO). Before proceeding to the vRA IaaS installation, you will need to make sure that you have completed all three of steps above.

In addition, there are some other prerequisites (more details here) that are required on the Microsoft Windows system in which you plan to install the vRA IaaS components, namely an instance of Microsoft SQL Server running and various Windows configuration tweaks required by the installers. I will not be covering the installation of the DB, so this will be something you will need to either manually install or automate using a silent installer for SQL Server. For the pre-checks, although this is also not covered in the script, I will show you how you can run the same tool on the Windows system like you would using the new vRA 7 Guided Wizard. The tool will identify any configuration issues found and then also allow you to easily remediate them within the tool, which is an awesome feature in my opinion.

You can find the vRA IaaS Pre-req Checker tool on the vRA Appliance under the following path:

/opt/vmware/share/htdocs/service/iaas/download/PrereqChecker.zip

You will then need to SCP the PrereqChecker.zip file onto your Windows system that you plan to run the vRA IaaS components. Next, extract the contents of the zip and launch the PrereqChecker.exe. Before clicking on the "Run Checker" button, make sure you have enabled the IIS role, else the tool can not run all prechecks. The instructions are located to the right of the screen and once that has been completed, you can then run the precheck tool. For any issues that have been identified, you can remediate by clicking on the "Fix Issue" button. Once all prechecks have passed, you can then move onto the vRA IaaS installation.

automate-vrealize-automation-7-iaas-comonents
Note: I was a bit surprised to see that the PrereqChecker.zip could not be downloaded directly from the vRA Appliance like the other installers by simply opening a browser to the following URL:

https://[VRA-HOSTNAME]:5480/installer/PrereqChecker.zip

It turns out there an index.py script which defines which files can be downloaded without authentication. If you wish to change this behavior, you can run the following snippet on the vRA Appliance and then you can download the zip file directly from the browser which can be useful from an automation standpoint.

sed -i "s/'DBUpgrade.zip'/'DBUpgrade.zip','PrereqChecker.zip'/g" /opt/vmware/share/htdocs/service/iaas/index.py

If you have made it to this point, we are now ready to get our automation on! We will be installing the following vRA IaaS components which are listed below onto the Windows system which has the vRA IaaS Management Agent running.

  • SSL Certificate for Web and Manager Service
  • Database
  • Web API (WAPI) Service
  • Manager Service
  • DEM Orchestrator
  • DEM Worker
  • vSphere Agent

The automation will be completely driven from within the vRA Virtual Appliance using the configurevRA-IaaS.sh shell script. This is possible because we had deployed the vRA IaaS Management Agent earlier which will act as a proxy for all component installations. There are 9 variables that you will need to edit prior to running the script and you can find their descriptions below.

Variable Description
HORIZON_SSO_PASSWORD SSO Password that you had configured earlier
VRA_IAAS_HOSTNAME Hostname of the Windows system running vRA IaaS Components
VRA_IAAS_USERNAME Username for the Windows system
VRA_IAAS_PASSWORD Password for the Windows system (e.g. vra-iaas\administrator)
VRA_DATABASE_HOSTNAME Hostname of the Windows system running SQL Server (should be same as vRA IaaS system)
VRA_DATABASE_NAME Database name
VRA_DATABASE_USERNAME Database username (assumes Windows Auth)
VRA_DATABASE_PASSWORD Database password (assumes Windows Auth)
VRA_DATABASE_SECURITY_PASSPHRASE Security passphrase

Once you have saved your changes, you can then run the script on the vRA Appliance as shown in the screenshot below. All verbose output is stored in /var/log/vra-iaas-configuration.log and you will be able to see the high level operations displayed in the console. The entire process can take anywhere from 10-20 minutes depending on your environment and what you will looking for are the "INSTALLED SUCCESSFULLY" messages which I have highlighted in green below. If you have met all prereqs, you should not run into any issues but if you do, the script will output the specific errors from each of the installers.

automate-configuration-vra-iaas
Once the script has completed, you will now have a fully functional vRA 7 deployment which includes both the vRA Appliance as well as the vRA IaaS components! I would also like to give a big thanks to both Kim Delgado for connecting me with some of the vRA Engineering folks as well as a huge thanks to Dora L. from the vRA Engineering for assisting me with parts of the IaaS installation.

Automating vCAC (vCloud Automation Center) 6.0 IaaS & SQL Server installation

by // 14 Comments

Apparently I decided to take on my own challenge of trying to figure out how to automate the installation of the vCAC 6.0 Windows component called IaaS after finishing up my automating vCAC (vCloud Automation Center) 6.0 identity & appliance configuration blog article. Perhaps I am a glutton for punishment as my friend Steve Kaplan would say 🙂

Note: One thing I would like to point out is that before attempting any type of automation is to make sure you thoroughly understand the process that you are trying to automate. This means you should go through the manual process at least once, if not a couple mores times to figure out what exactly is happening. In my particular case, I had to gone through several dozen snapshot reverts to test various things before getting to this end state and this was only made possible with the use of VMware Snapshots.

The vCAC IaaS installer is provided by the vCACVA (vCAC Virtual Appliance) at the end of its configuration an installer is made available for download which contains the IP Address of the vCAC Identity VA (SSO) in the file name. vCAC IaaS is actually made up of several components and the diagram below will help illustrate what is being installed on the Windows Server.

After going through the initial installation, I noticed some interesting logs being generated on the UI console as well as configuration files being referenced. This is where I began the somewhat painful (spent close to 14+hrs) process of figuring out how to automate the installation of vCAC IaaS which also includes a SQL Server component as that is not part of the default installation if one does not already exists. My ultimate goal was to be able to automate the entire installation of vCAC (Virtual Appliances which I have shown in my previous blog article) as well as the Windows components for IaaS so that a customer can quickly and easily stand up an environment for testing and proof of concepts.

To automate the vCAC IaaS component I have created a shell script called createVCACIaaSInstallerScripts.sh that you can run inside the vCAC VA appliance. The script generates a new Windows batch script along with a couple of configuration files that will be executed on the Windows system that will be running IaaS. You can think of this as script inception 🙂 and the generated batch script will contain all the necessary information to install SQL Server Express as well as IaaS components without any user intervention.

Before getting started, you should manually go through the prerequisites below and though these can be automated, depending on your Windows setup, you may need to make some additional tweaks and that is why I have left this portion out of my script. In my environment I am using a Windows Server 2008 R2 64-bit system and this is what tested the script in. YMMV if you are using something different.

Prerequisites:

Step 1 - Download the createVCACIaaSInstallerScripts.sh onto your vCAC VA appliance. Before executing the script, you will need to edit a couple of variables which are listed below with their descriptions.

VCAC_HOME_DIRECTORY - This is the directory on the vCAC IaaS server in which all the configuration and executables will be located in (default: C:\Users\\Administrator\Desktop\VCAC). You will need to escape the forward slash by using double slashes as noted in script.
VCAC_IAAS_SHORT_HOSTNAME - The short hostname of the vCAC IaaS system
VCAC_SSO_HOSTNAME - The FQDN hostname of your vCAC Identity system
VCAC_SSO_PASSWORD - The SSO Administrator password for *protected email*
VCAC_VA_HOSTNAME - The FQDN hostname of your vCAC VA system
VCAC_SERVICE_USER - The Windows account used to install vCAC IaaS (e.g. system\username)
VCAC_SERVICE_PASSWORD - The password to the above account
VCAC_SECURITY_PASSPHRASE - The security passphrase for the IaaS components
VCAC_DATABASE_INSTANCE_NAME - The name of the SQL Server Instance (default: VCACSQLEXPRESS)
VCAC_DATABASE_NAME - The name of the vCAC Database (default: vCAC)
EMAIL_SERVER - The hostname of an email server if you have one
EMAIL_PASSWORD - The password to the email server if you have one

Step 2 -  Once you have finished editing the script you can then execute the script on the vCAC VA. The script will NOT perform any changes but will actually generate the following four files:

  • vGhetto-SQLServerConfigFile.ini - SQL Server silent install config
  • vGhetto-VCAC-ServerConfigFile.xml
    - vCAC Core silent install config
  • vGhetto-VCAC-WAPIConfigFile.xml
    -  vCAC WAPI silent install config
  • installVCACIaaS.bat - Script that performs both SQL Server install & vCAC IaaS

Note: This article came in handy while creating the SQL Server silent install configuration file, however it did not mention the odd/stupid quirks one had to go through to generate the config file by using some additional install flags.

Here is a screenshot of what the output looks like when running the script:

Step 3 - You will need to transfer these four files via SCP to your Windows Server that will be running IaaS. In addition, there also four Windows executables that are stored on the vCACVA that you will also need to transfer to your IaaS system. The following files are all stored in /opt/vmware/share/htdocs/service/iaas/download

  • vCAC-Server-Setup.exe
  • WorkflowManagerInstaller.msi
  • VrmAgentInstaller.msi
  • vCAC-Wapi-Setup.exe

Step 4 - You will need to download the SQL Server Express installer onto your IaaS system. In my environment I used SQL Server 2008 R2 Express and the expected file name is SQLEXPR_x64_ENU.exe which is stored as a variable within the script. If you choose to use a different version, this may or may not work.

Step 5 - We are almost there! To make things easier, we had you defined a directory in which all the configuration and executables will be stored in and by default this is C:\Users\\Administrator\Desktop\VCAC You should have the following nine files within this directory:

  1. installVCACIaaS.bat
  2. SQLEXPR_x64_ENU.exe
  3. vCAC-Server-Setup.exe
  4. vCAC-Wapi-Setup.exe
  5. vGhetto-SQLServerConfigFile.ini
  6. vGhetto-VCAC-ServerConfigFile.xml
  7. vGhetto-VCAC-WAPIConfigFile.xml
  8. VrmAgentInstaller.msi 
  9. WorkflowManagerInstaller.msi

Step 6 - Finally, the hardest part 🙂 either double click onto the installVCACIaaS.bat file or what I would recommend is to run it from the cmd prompt. There are no additional configuration or tweaks required as the original shell script has done all the heavy lifting unless you provided the wrong information. The script will start off by installing SQL Server Express and then moving onto the various vCAC components. In total it takes about 20minutes and there are timestamps on when each component has finished installing, so you can get a cup of coffee, tea or beer and check out other cool articles on virtuallyGhetto.com 😉

Here is a screenshot of executing the bat script:

So there you have it! A complete automated installation of vCAC IaaS including a SQL Server database as part of the install. You can now combined this with my earlier article for automating both the vCAC Identity VA as well as the vCACVA to fully standup a vCAC environment in a little under 30 minutes. The scripts provided are very rudimentary as you can see I went a bit old school using bat scripting and I am sure there are a variety of enhancements that can be made to the script such as validating the files exists before starting and also waiting on each process before moving onto the next.

I also want to point out though the end solution looks like a trivial single script that a user executes, it took MANY MANY hours to figure out all the intricacies of the vCAC silent install process by looking at the various log files, configuration files and lots of snapshot reverts. In my opinion, this tells me we have more work to do on our installers not only making it easy and trivial to install from a UI point of view but also for automated silent installations. One should not have to reverse engineer various log and configuration files to be able to easily deploy 5, 10, 50 additional instances of vCAC or any other product for that matter. The user experience should be exactly the same and I hope this an area where we will continue to improve upon.

Lastly, this will probably be my last blog post for 2013. I am looking forward to some downtime in next couple of days before heading off to our much belated honeymoon in Asia for 3 weeks. I wish everyone Happy Holidays and a Happy New Years and see you in 2014!

Automating vCAC (vCloud Automation Center) 6.0 Identity & Appliance configurations

by // 9 Comments

vCloud Automation Center (vCAC) 6.0 was released a couple of weeks ago and I have been wanting to give it a spin in my lab, especially given the new architecture and distribution form factors (Virtual Appliances + Windows). vCAC 6.0 is now comprised of three core components: Identity VA (standalone Single-Sign On Server), vCAC VA and IaaS which is still based on Microsoft .NET and will still require a Windows Server. Given the first two components are Virtual Appliances, my first intuition was to automate the configuration so I would not have to manually go through the various configuration screens using the VAMI interface.

Note: For new users of vCAC that want to get up running and fast, I highly recommend checking out Kendrick Coleman's fantastic vCAC 6.0 installation blog article series which includes step-by-step instructions and screenshots. Jad El-Zien, a Principal Engineer for VMware also has a nice collection of vCAC 6.0 installation videos but is based off of an earlier vCAC 6.0 beta (there are some things that have changed) that you can also check out if you prefer watching a video.

I initially started out with the VAMI since I have never worked with vCAC before. While the Virtual Appliances were getting configured I was also paying close attention to the logs that were being generated and the contents gave me an idea this was possible. I would also like to thank some of the folks from the vCAC Engineering team who helped answered a couple of my questions that had me stuck for a couple of days. Reverse engineering can only take you so far ... at least if you want an answer relatively quickly 😉

To that, I have created two shell scripts which will fully automate the configuration of both the vCAC Identity VA as well as the vCAC VA without any additional user interaction. The first script that we will take a look at is called configureVCACIdentity.sh and it there are a couple of variables you will need to edit before running the script. The script makes primarily make uses of the following CLI commands within the vCAC VA:

  • /opt/vmware/share/vami/custom-services/bin/vami
  • /opt/vmware/share/vami/vami_set_timezone_cmd
  • /usr/lib/vmware-identity-va-mgmt/firstboot/vmware-identity-va-firstboot.sh
  • /opt/likewise/bin/domainjoin-cli

Here are the variables and their corresponding descriptions:

VCAC_SSO_PASSWORD - Password for SSO Administrator account
VCAC_SSO_HOSTNAME - Hostname of Identity VA (FQDN)
TIMEZONE - Timezone to configure the VA (complete list in /usr/share/zoneinfo)
NTP_SERVERS - NTP Servers (comma separated list)
JOIN_AD - 1 or 0 which determines if you want to join Active Director Domain
AD_DOMAIN - AD Domain Name
AD_USERNAME - AD Username
AD_PASSWORD - AD Password

Here is an example of running the configureVCACIdentity.sh script:

To reduce the amount of output on the screen, there is a detailed log file called vghetto-vcac-id.log that is generated by the script and can be found in the home directory of the root account when logging in via SSH.

You can verify everything was successfully configured by logging into the vCAC Identity VA by going to the VAMI URL: https://[VCAC-IDENTITY-VA-HOSTNAME]:5480

The second script is called configureVCACVA.sh which will configure and setup the vCAC VA. It performs a number of operations including generating a Self-Signed SSL Certificate and connecting to the vCAC Identity VA and licensing the vCAC VA which is required before moving onto the installation of the IaaS component. The vCAC service takes a couple of minutes to fully initialize and you will notice the script will sleep for 5 minutes which is approximately how long it takes before performing the final task of licensing vCAC. The script makes primarly make uses of the following CLI commands within the vCAC VA:

  • /opt/vmware/share/vami/vami_set_timezone_cmd
  • /usr/bin/openssl
  • /usr/java/jre-vmware/bin/keytool
  • /usr/sbin/vcac-config
  • /usr/sbin/vcac-vami

Here are all the variables you will need to edit before running the script. 

VCAC_SSO_SERVER - Hostname of Identity VA (FQDN)
VCAC_SSO_PASSWORD - Password for SSO Administrator account
VCAC_VA_HOSTNAME - Hostname of vCAC VA (FQDN)
NTP_SERVERS - NTP Servers (comma separated list)
TIMEZONE - Timezone to configure the VA (complete list in /usr/share/zoneinfo)
SSL_CERT_ORGANIZATION - Self-Sign SSL Cert organization name
SSL_CERT_ORGANIZATION_UNIT - Self-Sign SSL Cert organization unit name
SSL_CERT_COUNTRY - Self-Sign SSL Cert country
SSL_CERT_STATE - Self-Sign SSL Cert state
SSl_CERT_CITY - Self-Sign SSL Cert city
SSL_CERT_EMAIL - Self-Sign SSL Cert email address
VCAC_LICENSE_KEY - vCAC license key

Here is an example of running the configureVCACVA.sh script:

To reduce the amount of output on the screen, there is a detailed log file called vghetto-vcac-va.log that is generated by the script and can be found in the home directory of the root account when logging in via SSH.

You can verify everything was successfully configured by logging into the vCAC Identity VA by going to the VAMI URL: https://[VCAC-VA-HOSTNAME]:5480

Once you have finished configuring both vCAC Identity VA and vCAC VA you will now be able to login to the vCAC VA portal by going to the following URL: https://[VCAC-VA-HOSTNAME]/shell-ui-app/

In just under 10 minutes you can have a fully configured a vCAC Identity VA and vCAC VA without having to go through multiple configuration screens using the VAMI interface. This is also great for unattended deployments or POC (Proof of Concepts) to quickly standup two out of the three core components for vCAC. I am sure for folks that are more familiar with Windows can probably even automate the IaaS component installation of vCAC, however be aware that also has some additional dependencies such as installing a particular version of .NET and SQL Server. I will leave that automation as a task for the reader 😉

UPDATE (12/23/13) - Take a look at this article for automating vCAC IaaS + SQL Server installation.