Assuming that you already downloaded the SaltStack Config binaries in this guide we will go over the deployment of SaltStack Config in an existing VRA 8.3 environment via Lifecycle Manager 8.3
Log on to Lifecycle Manager -> Go to environments, on the vRA environment click on the Menu and go to Add Product
Select the checkbox next to vRealize Automation SaltStack Config and click Next
Review the EULA, click on the agree box on the bottom of the page and click on next
Click on Select and select a vrealize or vra advanced\enterprise. Clieck on the validate button and click next
Select an existing certificate or click on the + sign and generate a new certificate. In my case i didnt have a certificate created so im going to create a new one. If you already have a certificate this step can be skipped.
Complete the fields and click on generate
Now the list is populated with the certificate we just created. Click Next
Select the infrastructure details and click on Next
Verify the network details and click next
If the tenant list is empty a sync of vra is required
To do this we can go to Environments. Dont worry the progress will be saved
View details
Click on submit
Once the sync is complete we can go back to requests
Under requests click on Pending Action
Complete the details and click next
Click on Run precheck in order to make sure everything is in a working order
If everything looks good click on Next
Verify the summary and click on Submit
LCM will go through everything needed to. As we can see theres allot of steps that otherwise would need to perform manually
Get a cup of coffee and wait. In my case it took about 13 minutes for the installation to finish
In this guide i will go over the deployment of vRA 8.3 using the Easy Installer. The reason i like the Easy Installer is because it deploys everything that i need. vIDM, Lifecycle Manager as well as vRA.
To get started we need to download the installer from here.
Once downloaded mount the iso as a drive using your favorite tool or extract it as a archive using something like 7-zip
Once mounted go to the CDROM in the mac directory if on mac or win32 if you are on windows. In here run the installer file
We will be presented with the following window:
The migration option allows us to migrate from from vRSLCM 2.1 to 8.3, it can migrate Datacenter and vCenters, all existing environments, DNS, SNMP, NTP, My VMware, proxy details, migration of vIDM installation as well as Blackstone Content endpoints. For the purpose of this guide we will process with the Install option
Once we click Install we will be presented with an Introduction of what components will be included part on the installation. In my case i can see vRealize Automation 8.3, Lifecycle Manager 8.3, Identity Manager 3.3.4.
Click Next, Review, accept the agreement and click next
Provide the vCenter details and click next. In my case i used the administrator account. A detailed list of permissions needed for deployment can be found here
Sections 4, 5, 6 and 7 are straight foward so i will skip them
In section 8 select a password that will be used across all products for the local usernames. ex for LCM root and local admin, vIDM admin, sshuser, root etc
Select a VM name for the Lifecycle Manager appliance and its ip credentials. If you are expecting a large repository in lifecycle manager we can add additional disk under the Increase Disk Size in GB section.
The FIPS Mode compliance option enforces FIPS compliance, however keep in mind that with the FIPS mode enabled there are limitation on what the product can do. This can be disabled later and re enabled as needed.
Complete the fields and click next
The next portion is vIDM. In case there is an existing vIDM appliance in the environment we can also import and existing vIDM appliance. In my case i will deploy a new one.
One important option under vIDM is the Sync Group Members to the Directory When Adding Group. When enabled, members of the groups are synced when groups are added from Active Directory. When this is disabled, group names are synced to the directory, but members of the group are not synced until the group is entitled to an application or the group name is added to an access policy. Note: Post deployment this value cannot be changed from vRealize Suite Lifecycle Manager. To update this field post deployment, navigate to VMware Identity Manager
My configuration page looks like this:
The next section is the vRA Configuration. In here we have a couple of options. We can perform a standard 1 node deployment or a cluster deployment which includes 3 appliances. The FIPS Compliance mode enables FIPS compliance. Unlike LCM this mode cannot be disabled after the deployment. This disables a number of options in vRA from an LCM perspective. Please make sure that its only enabled if required.
The advanced configuration at the bottom of the page includes the option to change the internal Kubernetes cluster and Service ip range. This is useful if the default range is already in use on the internal network. We want to make sure we pick an ip range thats not used somewhere else in order to avoid conflicts. Once complete click next
The next page gives us a summary of our deployment and we can click submit to start the deployment.
Next we are presented with the installation process. We can follow it along, in my environment the full deployment took about 1.5 hrs
After the install is complete we are presented to links for the different services
Next i would recommend LCM certificate management found here
I wanted to give my users the capability to create a snapshot but limit them to only 1 snapshot and have a predefined description from the snapshot so i can know that it was taken from vRA.
For the purpose of this i will be using a customer workflow in Orchestrator and Resource Actions and in Cloud Assembly.
Since Orchestrator comes with a number of pre defined workflows in always like to jump start by find something thats similar with what im trying to do. For the purpose of this we will be using the Create Snapshot Workflow.
To get started we can go to Orchestrator -> Workflows -> search for Create a snapshot. Once found we can click on Actions -> Duplicate
We can see that a Copy has been created. We will modify this so it can fit the custom specifications required.
Click on Open on the Copy:
Change the name to something more meaningful like VM Snapshot
Click on Variables, select all the variables and click Delete
Click on New, give it a title like errMachineHasSnapshot and a value thatw ill displayed if a VM has an existing snapshot like The virtual machine already has a snaphost. Please delete this snapshot before trying this action again. Click Create
Click on the Schema tab and delete the existing items by clicking on the red x on the top right corner
Drag and drop from the left a Decision, throw exception and a workflow element in to the canvas
I named the first step VM Has Snapshot?. Under inputs i added vm. It would look like the screenshot below
Under the javascript we will be using this code
var snapshots = System.getModule("com.vmware.library.vc.vm.snapshot").getAllSnapshotsOfVM(vm) ;
if (snapshots == null || snapshots.length == 0) {
// No snapshots found; proceed with creating a new one
return true;
} else {
// Found at least one snapshot; end the workflow
return false;
}
The error handling Exception Handling we will be using the previously created errMachineHasSnapshot
The workflow element should look like this after selecting the Workflow Create a snapshot
The next step is to fix the inputs. We will be removing the Choose the VM tab by clicking on the x
We will be replacing the first item with vm and the display type
It should look like this:
In the end we should have the following:
Next go to Actions and click on New Action
Give it a Name and a Module name
Under Script type in
var allVms = VcPlugin.getAllVirtualMachines();
for (var I in allVms) {
if (allVms[I].name === name) {
return allVms[I];
}
}
return null;
Under the Return type enter VC:VirtualMachine. Under the Inputs type in name and click Create on the bottom left
Once were done we can save it and move on to Cloud assembly to create the resource action
Go to Cloud Assembly -> Design -> Resource Actions click on new resource action
In the name field type something like CustomSnapshot, Display name VM Snapshot, give a description and toggle the activate switch to on
Under Resource type click on add pick Cloud.vSphere.Machine
Under Workflow click Add and pick VM Snapshot
In the Property Binding pick getVmByName action and under string enter ${properties.resourceName}
On the bottom click on edit request parameters
click on vm and change the Label to Reason and Display type to DropDown
Under Values Type in the options that you want to have shown Separated by , ex: Patching,New Release
Under Constraints make it as required by Picking Yes in the required field
The other fields and options can be modified as needed
Once everything is saved we can test out the Day 2 action by going to an existing deployment and trying to create a snapshot. We can see in the menu an additional option all the way to the bottom:
When choosing the option we can see the custom form that we filled in earlier
After a recent deployment of VRA 8 with a trial key in my lab i realized that my key was about to expire. It was time to get it changed with my production key. The key can be changed via Lifecycle Manager or via CLI.
Changing the vRealize Automation 8 License key via Lifecycle Manager
To change the license via lifecycle manager we need to go to Lifeycle Manager -> Locker -> License
In my case i already deleted the vra key. Next step is to click Add, give it a name and enter the new license key, click Validate and click Add
Alternatively Lifecycle Manager can download it from the my vmware account. Next we can go to Lifecycle Operations
We can find our Product under Environments -> View Details under the environment where the product is -> Select the product in this case VRA -> select options -> Add license
At the Select License windows select the new license we added and click finish. We are taken to the Request Details window and we can follow the progress
With that the license change is complete. We can follow the same process to change the license key for any of the other products that are managed by Lifecycle Manager
Changing the vRealize Automation 8 License key via CLI
The first step is to log in to the VRA appliance via ssh and run the “vracli license current” command. This will display the current installed license and its expiration date .
In order to replace the license we need to add the new license using “vracli license add new-license-key” then in order to remove it we need to run “vracli license remove old-license-key” . If we are unsure which license is active running the command “vracli license” will display all license keys installed.
