Documente Academic
Documente Profesional
Documente Cultură
Table of Contents
Lab Overview HOL-2073-02-CMP - What's New in vRealize Automation 8 ........................ 3
Lab Guidance .......................................................................................................... 4
Module 1 - Foundation - Getting Started with vRealize Automation (15 minutes)............. 9
Introduction........................................................................................................... 10
Update The Lab Files Repository If Not Already Done ........................................... 13
Configure Public Cloud Accounts If Not Already Done ........................................... 17
Understanding Cloud Accounts and Cloud Zones.................................................. 20
Understanding Projects In Cloud Assembly ........................................................... 30
Understanding Mappings for Cloud Abstraction .................................................... 33
Understanding Network Profiles ............................................................................ 37
Conclusion............................................................................................................. 40
Module 2 - Building Blueprints with Cloud Assembly (45 minutes) ................................. 41
Introduction........................................................................................................... 42
Introduction to Cloud-Agnostic Infrastructure-as-Code ......................................... 47
Configure Public Cloud Accounts If Not Already Done ........................................... 50
Creating Your First Application Blueprint ............................................................... 53
Creating A Cloud Agnostic Blueprint ..................................................................... 78
Managing your resource infrastructure with tags.................................................. 94
Conclusion........................................................................................................... 120
Module 3 - Integration with GitHub, NSX-T On-Demand Networking and Infoblox (45
minutes)........................................................................................................................ 121
Introduction......................................................................................................... 122
Overview GitHub Integration and Configuration in Cloud Assembly ................... 123
Synchronize GitHub Sourced blueprint to Cloud Assembly ................................. 128
Overview of vRealize Automation 8 and NSX-T On-Demand-Network
Integration .......................................................................................................... 144
Review and Deploy in Cloud Assembly with NSX-T On-Demand Networking ...... 149
Validate and Test CentOS Deployments with NSX-T On-Demand Networking ..... 163
Infoblox Overview ............................................................................................... 178
Configure IPAM Infoblox Plugin............................................................................ 179
Review Infoblox Prerequisites and Configure Cloud Assembly Network Profile ... 183
Deploy Infoblox CentOS VM ................................................................................ 197
Conclusion........................................................................................................... 212
Module 4 - vRealize Automation Extensibility Basics (45 minutes) ............................... 213
Introduction to Extensibility ................................................................................ 214
Creating an Action-based Extensibility (ABX) Action ........................................... 217
Creating a Compute Provisioning Subscription ................................................... 225
Creating a Compute Provisioning Post Subscription ............................................ 238
Conclusion........................................................................................................... 263
Module 5 - Managing Content in Service Broker (45 minutes) ...................................... 264
Introduction to Service Broker............................................................................. 265
Accessing Service Broker .................................................................................... 267
HOL-2073-02-CMP Page 1
HOL-2073-02-CMP
HOL-2073-02-CMP Page 2
HOL-2073-02-CMP
Lab Overview
HOL-2073-02-CMP -
What's New in vRealize
Automation 8
HOL-2073-02-CMP Page 3
HOL-2073-02-CMP
Lab Guidance
A note about vRealize Automation consumption and licensing models: With the
release of vRealize Automation version 8, the same code base is used for both the on-
premise installed version, vRealize Automation, and the software as a service (SaaS)
delivered version, vRealize Automation Cloud. VMware gives you the choice now of
having the same workload automation and management solution experience regardless
of whether you decide to deploy it as a virtual appliance and run it in your data center
or whether you prefer to consume it as a service hosted in the could and managed by
VMware.
While this lab happens to use the vRealize Automation version 8.0 , what you see and
learn here will be equally applicable to vRealize Automation Cloud.
If you are looking for Hands On Labs for vRealize Automation version 7.6 or more in-
depth information on vRealize Orchestrator, please see the Hands On Lab catalog for
labs with SKUs beginning with "HOL-1921".
It may take more than 90 minutes to complete this lab. You should expect to only finish
2-3 of the modules during your time.
In this lab, you will use VMware vRealize Automation 8.0 to define, govern, budget,
build, manage, monitor and share the release of your application infrastructure rapidly
and reliably. You will learn how to create application patterns in Cloud Assembly, curate
application blueprints and make them available in Service Broker. You will also learn to
integrate development tools into a continuous delivery pipeline with Code Stream.
The Table of Contents can be accessed in the upper right-hand corner of the Lab
Manual. From the Table of Contents you can jump to any point in the lab manual.
If you are new to VMware Hands On Labs, it is recommended that you continue through
this Lab Guidance section to learn about some of the lab manual features and some tips
on how to copy text from the manual into the console. However, if you want, you can
HOL-2073-02-CMP Page 4
HOL-2073-02-CMP
jump to the student check-in process (module 1) and proceed from there to any of the
other lab modules.
Lab Captains:
This lab manual can be downloaded from the Hands-on Labs Document site found here:
http://docs.hol.vmware.com
This lab may be available in other languages. To set your language preference and have
a localized manual deployed with your lab, you may utilize this document to help guide
you through the process:
http://docs.hol.vmware.com/announcements/nee-default-language.pdf
HOL-2073-02-CMP Page 5
HOL-2073-02-CMP
1. The area in the RED box contains the Main Console. The Lab Manual is on the tab
to the Right of the Main Console.
2. A particular lab may have additional consoles found on separate tabs in the upper
left. You will be directed to open another specific console if needed.
3. Your lab starts with 90 minutes on the timer. The lab can not be saved. All your
work must be done during the lab session. But you can click the EXTEND to
increase your time. If you are at a VMware event, you can extend your lab time
twice, for up to 30 minutes. Each click gives you an additional 15 minutes.
Outside of VMware events, you can extend your lab time up to 9 hours and 30
minutes. Each click gives you an additional hour.
During this module, you will input text into the Main Console. Besides directly typing it
in, there are two very helpful methods of entering data which make it easier to enter
complex data.
You can also click and drag text and Command Line Interface (CLI) commands directly
from the Lab Manual into the active window in the Main Console.
HOL-2073-02-CMP Page 6
HOL-2073-02-CMP
You can also use the Online International Keyboard found in the Main Console.
1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.
In this example, you will use the Online Keyboard to enter the "@" sign used in email
addresses. The "@" sign is Shift-2 on US keyboard layouts.
HOL-2073-02-CMP Page 7
HOL-2073-02-CMP
When you first start your lab, you may notice a watermark on the desktop indicating
that Windows is not activated.
One of the major benefits of virtualization is that virtual machines can be moved and
run on any platform. The Hands-on Labs utilizes this benefit and we are able to run the
labs out of multiple data centers However, these data centers may not have identical
processors, which triggers a Microsoft activation check through the Internet.
Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft
licensing requirements. The lab that you are using is a self-contained pod and does not
have full access to the Internet, which is required for Windows to verify the activation.
Without full access to the Internet, this automated process fails and you see this
watermark.
Please check to see that your lab is finished all the startup routines and is ready for you
to start. If you see anything other than "Ready", please wait a few minutes. If after 5
minutes your lab has not changed to "Ready", please ask for assistance.
HOL-2073-02-CMP Page 8
HOL-2073-02-CMP
Module 1 - Foundation -
Getting Started with
vRealize Automation (15
minutes)
HOL-2073-02-CMP Page 9
HOL-2073-02-CMP
Introduction
VMware vRealize Automation 8.0 is the latest release of vRealize Automation is built on
a modern container-based microservices architecture. The shift to containers means
management, configuration, and future upgrades have been dramatically simplified.
Also the new architecture offers significantly improved scalability and performance, with
flexible deployment options. Previous versions of vRealize Automation required at least
two virtual machines (VMs), including the need to run portions of the architecture on a
Windows server. vRealize Automation 8 removes the need to run Windows. Additionally
all vRealize Automation services now run within a single VM with sufficient scale and
performance for many customer. If additional horsepower is needed and high availability
is a requirement, vRealize Automation 8 supports a three node cluster configuration
which adds scale and high availability. Scale can also be improved through increasing
VM compute resources.
Lab Captains :
vRealize Automation 8 has been designed from the ground up to simplify and speed up
building, managing and using a hybrid cloud environment.
HOL-2073-02-CMP Page 10
HOL-2073-02-CMP
HOL-2073-02-CMP Page 11
HOL-2073-02-CMP
Constructs Mapping
As we all know there are lot of changes in the new modern architecture of vRealize
Automation 8.0 , this section gives you a quick relational understanding of constructs
used in older version of vRealize Automation with newer vRealize Automation 8.0 and
vRealize Automation Cloud effectively. The following module explains elaborately about
each concepts.
Summary
In this section, you learned about the new architecture and key features of vRealize
Automation 8.0.
Move onto the next lesson where we will understand the new terminologies/concepts
introduced in vRealize Automation 8.0 to simplify the IT service delivery through a
modern architecture.
HOL-2073-02-CMP Page 12
HOL-2073-02-CMP
1. Double-click the GitHub Desktop icon on the desktop of your lab environment
desktop or click the GitHub Desktop icon in the taskbar of your lab environment
desktop
HOL-2073-02-CMP Page 13
HOL-2073-02-CMP
To synchronize the repository on the local machine with the online repository,
HOL-2073-02-CMP Page 14
HOL-2073-02-CMP
Now the files have been synchronized to the local repository. You can now:
1. View and edit text files in the repository directly in the Microsoft Visual Studio
Code editor; or
2. Access the files in Windows Explorer
HOL-2073-02-CMP Page 15
HOL-2073-02-CMP
Your files will still be accessible in the Lab Files folder on the desktop of the Main
Console computer or from Microsoft Visual Studio Code.
HOL-2073-02-CMP Page 16
HOL-2073-02-CMP
There is a shortcut on the desktop that you will use to execute the script.
1. Click the bottom-right corner of the desktop next to the clock to minimize all
windows and show the desktop
The lab must be in a Ready state in order for the script to work. The cloud accounts
cannot be configured until vRealize Automation is fully up and running. The way for you
to know that it is ready, is to check the status of the lab environment on the desktop.
HOL-2073-02-CMP Page 17
HOL-2073-02-CMP
If you see anything other than Lab Status Ready on the desktop, do not proceed with
the following steps until the status changes to Ready.
Once you have verified that the lab status is Ready, Double-click the icon on the
desktop titled Configure Cloud Accounts to launch the script in a command prompt
window.
HOL-2073-02-CMP Page 18
HOL-2073-02-CMP
Hopefully your command prompt window will show that credentials were found and that
the public cloud related objects were created in vRealize Automation. If so, press any
key on your keyboard to close the window and then proceed with the lab.
There are a limited number of cloud accounts available for use with this Hands on Lab.
Depending on how many other people are taking the lab at the same time as you, there
may not be any credentials available now. If this is the case you will see output in the
command prompt window informing you that everything was successfully created. You
can still proceed with the lab but know neither the AWS nor the Azure public cloud
accounts will be available. If that happens, you can wait and try running the script again
later or stop the lab and re-launch it later.
HOL-2073-02-CMP Page 19
HOL-2073-02-CMP
The collected data includes the regions and data stores that you later associate with
cloud zones.
When you later configure cloud zones, mappings, and profiles, you select the cloud
account to which they are associated.
As a Cloud Assembly cloud account administrator, you create cloud accounts for the
projects in which team members work. Resource information such as network and
security, compute, storage, and tags content is data-collected from your cloud
accounts.
A Cloud Assembly cloud zone is a set of resources within a cloud account type such as
AWS, Azure or vSphere.
Cloud zones in a specific account region are where your blueprints deploy workloads.
Each cloud zone is associated with a Cloud Assembly project.
HOL-2073-02-CMP Page 20
HOL-2073-02-CMP
Authentication
1. After clicking on the bookmark , you will be authenticated with the credentials :
holadmin/VMware1!
HOL-2073-02-CMP Page 21
HOL-2073-02-CMP
HOL-2073-02-CMP Page 22
HOL-2073-02-CMP
5. As you can see, we have images of two different display options which are
available in vRealize Automation Cloud - list and card view. The above display
represents the card view. You can toggle between list view and card view using
the icons in the upper right hand corner of the display.
6. Four cloud accounts have already been created including AWS, Azure, vSphere
and NSX-T. Let's click on the AWS Cloud Account cloud account (in the card
view) or click OPEN on the AWS Cloud Account card to look a little deeper.
While each account type has it's own key differentiators, this AWS cloud account is fairly
representative.
HOL-2073-02-CMP Page 23
HOL-2073-02-CMP
1. In the status area, we can see both the last time that data and images were
synchronized with the cloud resource. We can also confirm that the resource is
available for deployment. There are buttons which allow us to force an image
sync as well as updating the availability status.
2. Each cloud provider has it's own method of authenticating. For AWS, we provide
for the required Access key ID and Secret access key used for authentication.
These credentials are both required for initial configuration of the cloud account
as well as making any configuration changes.
HOL-2073-02-CMP Page 24
HOL-2073-02-CMP
1. A name needs to be provided for our cloud account. We also have the option to a
description.
2. We can select regions (or other compute resource types like clusters as relevant
to the cloud vendor) into which we want to allow provisioning.
HOL-2073-02-CMP Page 25
HOL-2073-02-CMP
3. Lastly, we have the opportunity to provide any capability tags desired for the
cloud account. Capability tags enable you to define placement logic for
deployment of infrastructure components. They are a more powerful and
succinct option to hard coding such placements. In our current use case, we are
not using capability tags.
4. Let's click CANCEL to exit this cloud account configuration page.
Cloud Zones are a means of carving up the resources that Cloud Accounts present you.
As an example, you may have multiple clusters within a single vCenter. They probably
don't serve the same purpose, having been created for a functional or licensing
constraint. Dedicated Windows or Linux clusters are common patterns, as are clusters
placed in DMZs, or based on classifications. In security or compliance scenarios, these
clusters may all have their own vCenters, but there are many other use cases where
they will have a common vCenter.
If you have used vRealize Automation in the past and are thinking to yourself that Cloud
Zones sound like Reservations, fear not! Cloud Zones can be shared across multiple
groups of users, and are not limited by a 1:1 relationship.
HOL-2073-02-CMP Page 26
HOL-2073-02-CMP
Three tabs are available on the Cloud Zones configuration page. The first tab is the
Summary tab, it contains basic information about the AWS account as configured.
1. You can see the Cloud Account for which this zone is configured.
2. Later in this lesson, we will use capability tags which are configured for the cloud
zone.
3. Now let's click on the Compute tab to take a look at the information configured
there.
HOL-2073-02-CMP Page 27
HOL-2073-02-CMP
1. On the compute tab, we can see the compute resources which are associated
with this Cloud Zone. In the case of AWS, these compute resources are
Availability Zones. On this tab, we can configure additional capability tags to be
more specific about target resources.
2. Now let's click on the Projects tab to take a look at the information configured
there.
1. On the last tab, Projects, we can see that a project named HOL Project has
rights to deploy into this Cloud Zone. For vRealize Automation users, the project
is akin to a Business Group. As you can see, multiple projects can be given rights
to provision into a single Cloud Zone.
HOL-2073-02-CMP Page 28
HOL-2073-02-CMP
2. Now that we have finished looking at the AWS Cloud Zone Cloud Zone, let's
click Cancel and continue on.
Summary
In this section, you learned about Cloud Accounts and Cloud Zones. Within your own
environment, you are likely to add multiple Cloud Accounts across AWS, Azure, GCP and
vCenter. Cloud Zones and Tags can be used together to inform placement decisions
when it comes to provisioning time.
Move onto the next lesson where we will configure some constructs that will allow us to
reuse blueprints across multiple cloud platforms.
HOL-2073-02-CMP Page 29
HOL-2073-02-CMP
Cloud administrators set up the projects then add users and cloud zones. Anyone who
creates and deploys blueprints must be a member of at least one project.
If you are set up to view cards, you can see a summary of what has been configured for
each project. We have a project named HOL Project, configured in our organization.
Let's open it up and take a look at it.
HOL-2073-02-CMP Page 30
HOL-2073-02-CMP
We can now see that there are five tabs available for configuring projects. Below is an
overview of each of these tabs. Feel free to take a look around each of these tabs.
The Summary tab is the default tab. On this tab we have the ability to set or change the
project's name and define a description. We also see an overview of what has been
configured for this project.
The Users tab enables us to add users (by email address) and user groups to the
project. Each user or user group is granted either an administrator or member role.
The Provisioning tab enables us to configure Cloud Zones. Configuration of a Cloud Zone
includes setting a priority for provisioning into that cloud zone as well as an optional
HOL-2073-02-CMP Page 31
HOL-2073-02-CMP
limit to the number of instances which may be provisioned into that Cloud Zone. The
Provisioning Tab also allows us to
The Kubernetes Provisioning tab enables us to assign an Kubernetes Zone to our project
thereby enabling project members to provision to K8's clusters to that Zone.
The Integrations tab lists any integrations with other tools (such as Jenkins, Artifactory,
git, etc.) that have been configured and attached to the project
Summary
One of the most common questions that we get is what Projects should be centered
around. In truth, it comes down to your own organizational structure. Most people like to
align a project with a cost-code in order to track the budget. These could be project
related during the design and build phase, but may need to switch over to a different
cost center once it is released into production.
Like most good design decisions, take your time when you are considering this and
remember - you can easily change your approach!
HOL-2073-02-CMP Page 32
HOL-2073-02-CMP
Similarly Image mapping allows us to map a common term to a vSphere template, AWS
AMI, GC Image and/or an Azure VHD.
Flavor Mapping
A flavor mapping groups a set of target deployment sizing for a specific cloud account/
region in Cloud Assembly using natural language naming.
Flavor mapping lets you create a named mapping that contains similar flavor sizing
across your account regions. For example, a flavor map named standard_small might
contain a similar flavor sizing (such as 1 CPU, 2 GB RAM) for some or all available
account/regions in your project. When you build a blueprint, you pick an available flavor
that fits your needs.
Flavor Mappings are used to standardize the naming across different resource sizing
options for our machines.
We have one flavor mapping named micro configured in our organization. Let's take a
deeper look at it.
HOL-2073-02-CMP Page 33
HOL-2073-02-CMP
As you can see, we have definitions created for AWS,Azure,vCenter. The micro flavor
mapping equates to a Standard_B1ms size in Azure and t2.nano in AWS. We will use this
flavor mapping in our blueprints.
Image Mapping
HOL-2073-02-CMP Page 34
HOL-2073-02-CMP
Cloud vendor accounts such as Microsoft Azure and Amazon Web Services use images to
group a set of target deployment conditions together, including OS and related
configuration settings. vCenter and NSX-based environments, including VMware Cloud
on AWS, use a similar grouping mechanism to define a set of OS deployment
conditions. When you build and eventually deploy and iterate a blueprint, you pick an
available image that best fits your needs.
Organize image mappings for a project by similar operating system settings, tagging
strategy, and functional deployment intent.
To simplify blueprint creation, you can select a pre-configuration option when you add
a new cloud account. When you select the pre-configuration option, your organization's
most popular image mapping for the specified region are selected.
We have an image mapping called CentOS7 configured in our organization. Let's take a
deeper look at it.
As you can see, we have definitions created for AWS , Azure and vCenter.
For public clouds, it would be typical to have your own images created and hardened to
your own specification. Alternatively, a CloudConfig configuration script can be created
to configure the image to your specifications. We will use this image mapping in our
blueprints.
HOL-2073-02-CMP Page 35
HOL-2073-02-CMP
Summary
In this section, you learned about mappings for both Flavors and Images. If you would
like to create some more profiles of your own then feel free to experiment. When you
are ready, move to the next section to learn about Network Profiles.
HOL-2073-02-CMP Page 36
HOL-2073-02-CMP
You define network profiles to support a target deployment environment, for example a
small test environment where an existing network has outbound access only or a large
load-balanced production environment that needs a set of security policies. Think of a
network profile as a collection of workload-specific network characteristics.
Network Profiles
HOL-2073-02-CMP Page 37
HOL-2073-02-CMP
We can now see that there are five tabs available for configuring network profiles. Below
is an overview of each of these tabs. Feel free to take a look around each of these tabs.
The Summary tab is the default tab. On this tab we can see the account/region for the
network profile. We can edit the name and description of our network profile as well as
setting tags which can be associated with constraints on a blueprint.
The Networks tab is used to configure the networks available in the associated cloud
account/region. A network here consists of a cloud account, IP address or range, and
network tags to control how and where to provision a blueprint deployment. Network
parameters in the profile define how machines in the deployment can communicate
with one another over IP layer 3. Individual networks within the profile can also have
tags which can be associated with constraints on a blueprint.
HOL-2073-02-CMP Page 38
HOL-2073-02-CMP
The Network Policies tab enables us to configure cloud account specific options.
Depending on the associated cloud account, you can use network policies to define
settings for on-demand networks for the outbound, private, and routed network types
and for on-demand security groups.
The Load Balancers tab displays load balancers which have been data collected from
the cloud account. You can update load balancers in the blueprint YAML.
The Security Groups tab provides the capability to use a security group to further define
the isolation settings for a private or outbound network. Security groups are applied to
all the machines in the deployment that are connected to the network that matches the
network profile. As there might be multiple networks in a blueprint, each matching a
different network profile, you can use different security groups for different networks.
1. Once you are done looking through network profile configuration options, scroll to
the bottom of the network profile window and click on the CANCEL button.
Summary
Now that we have taken a look at our network profiles, we are ready to create our
Cloud-Agnostic blueprint.
HOL-2073-02-CMP Page 39
HOL-2073-02-CMP
Conclusion
In this module, you learned about the new modern architecture of vRA 8.0 and its
various concepts to build a cloud agnostic blueprint. Now you are ready to move on to
one or more main modules of this lab to understand more on the features of vRA 8.0 by
performing hands on exercises.
HOL-2073-02-CMP Page 40
HOL-2073-02-CMP
Module 2 - Building
Blueprints with Cloud
Assembly (45 minutes)
HOL-2073-02-CMP Page 41
HOL-2073-02-CMP
Introduction
This Module will lead is focused on the Cloud Assembly constructs required to provision
to MultiCloud environments with cloud agnostic blueprints.
• Introduction
• Understanding Tagging in Cloud Assembly
• Creating your First Application Blueprint
• Conclusion
The first several sections of this module provide an introduction to the infrastructure
constructs which are configured in Cloud Assembly. These constructs have already been
created in our lab for AWS and Azure.
Some files that will be used in this lab are stored in an online repository. These files
must be copied over to the local repository on the Main Console server. **If you have
not already updated the local repository since you started this lab, follow the
steps below. If you have already updated the files, you can skip these steps and start
Introduction to Cloud-Agnostic Infrastructure-as-Code.
HOL-2073-02-CMP Page 42
HOL-2073-02-CMP
1. Double-click the GitHub Desktop icon on the desktop of your lab environment
desktop or click the GitHub Desktop icon in the taskbar of your lab environment
desktop
HOL-2073-02-CMP Page 43
HOL-2073-02-CMP
To synchronize the repository on the local machine with the online repository,
HOL-2073-02-CMP Page 44
HOL-2073-02-CMP
Now the files have been synchronized to the local repository. You can now:
1. View and edit text files in the repository directly in the Microsoft Visual Studio
Code editor; or
2. Access the files in Windows Explorer
HOL-2073-02-CMP Page 45
HOL-2073-02-CMP
Your files will still be accessible in the Lab Files folder on the desktop of the Main
Console computer or from Microsoft Visual Studio Code.
HOL-2073-02-CMP Page 46
HOL-2073-02-CMP
Introduction to Cloud-Agnostic
Infrastructure-as-Code
Define, Aggregate and Deploy across Clouds
Design cloud agnostic blueprints and provision workloads to any cloud based on the
defined policies is even easier in Cloud Assembly with vRealize Automation. Cloud
Assembly has the intelligence to take this cloud agnostic blueprint and know when to
place it where using which specific cloud components. You will be using the service to
deploy machines, applications, and services to your cloud vendor resources.
HOL-2073-02-CMP Page 47
HOL-2073-02-CMP
Blueprint
How to define your infrastructure, you will be using blueprint to define, provision and
manage the lifecycle of resources. Whenever you author a blueprint, you are creating
YAML-based code, a human-readable data-serialization language. You can create the
blueprint through the UI or the YAML editor. Regardless of whether you drag and drop
resources on the visual canvas or if you write the YAML directly, the two designs are
always in sync and exactly reflect each other.
Deployments begin with blueprints, the specifications that define the machines,
applications, and services that you create on cloud resources by way of vRealize
Automation Cloud Assembly.
• Resource Types : resources that are exposed through data collection. It can be
Compute, Network, Security, Storage, Machine, Volume resources object that you
can configured and managed in your blueprint.
• Properties : related to the resources that you are interacting with. It can be
Machine Flavor, Machine Image etc.
• Tags : labels resource with capability tags to affect the blueprints.
• Cloud Zones : the zone where the resources will be provisioned.
• Inputs : User inputs when the service is deployed.
HOL-2073-02-CMP Page 48
HOL-2073-02-CMP
Summary
You have seen all the Cloud assembly purposes and concept that will help you to
understand in the next module. You will go through the details about tagging how in a
large environment, a structure and a strategy should be defined to make the service
development faster and easier with a governance around it.
HOL-2073-02-CMP Page 49
HOL-2073-02-CMP
There is a shortcut on the desktop that you will use to execute the script.
1. Click the bottom-right corner of the desktop next to the clock to minimize all
windows and show the desktop
The lab must be in a Ready state in order for the script to work. The cloud accounts
cannot be configured until vRealize Automation is fully up and running. The way for you
to know that it is ready, is to check the status of the lab environment on the desktop.
HOL-2073-02-CMP Page 50
HOL-2073-02-CMP
If you see anything other than Lab Status Ready on the desktop, do not proceed with
the following steps until the status changes to Ready.
Once you have verified that the lab status is Ready, Double-click the icon on the
desktop titled Configure Cloud Accounts to launch the script in a command prompt
window.
HOL-2073-02-CMP Page 51
HOL-2073-02-CMP
Hopefully your command prompt window will show that credentials were found and that
the public cloud related objects were created in vRealize Automation. If so, press any
key on your keyboard to close the window and then proceed with the lab.
There are a limited number of cloud accounts available for use with this Hands on Lab.
Depending on how many other people are taking the lab at the same time as you, there
may not be any credentials available now. If this is the case you will see output in the
command prompt window informing you that everything was successfully created. You
can still proceed with the lab but know neither the AWS nor the Azure public cloud
accounts will be available. If that happens, you can wait and try running the script again
later or stop the lab and re-launch it later.
HOL-2073-02-CMP Page 52
HOL-2073-02-CMP
You will note that there are a number of actions here apart from just the ability to create
or delete a blueprint. We will explore the other options later in this lab. For now, please:
HOL-2073-02-CMP Page 53
HOL-2073-02-CMP
On this page, you need to enter some basic details about your blueprint. In the context
of this lab, the amount of information that you provide here is not going to have
significant impact on how you use the product. However, in a production environment
where the number of blueprints that you have would increase, adding details in the
Description field becomes far more useful, as you can search against this information.
HOL-2073-02-CMP Page 54
HOL-2073-02-CMP
1. The Components panel, where you select the components that you want to use
for your application.
2. The Canvas, where your application infrastructure topology is represented.
3. The Editor where your YAML will be presented and modified.
There are two other useful items to be aware of on this page that will help you with
managing screen real estate.
HOL-2073-02-CMP Page 55
HOL-2073-02-CMP
YAML Backup
Note that if you have any trouble creating the blueprint in the following steps, the full
YAML definition is available in the Lab Files directory on your lab console desktop. You
can open the file, copy the YAML and paste it directly into the blueprint if needed.
Hopefully you will be able to build the blueprint from scratch using the following
instructions but know that if you need help, the file is here.
1. Note the 2073-02-M2-FirstApp.yaml file in the Lab Files folder on the desktop
HOL-2073-02-CMP Page 56
HOL-2073-02-CMP
1. Drag a Machine object from the vSphere section onto the canvas.
2. You will see the YAML description automatically populated. Hover your mouse
over the properties field. You will notice that it is a hyperlink. Click on it and see
that you get a list of all available properties that can be defined for this object
type. After you are done looking at the content in the pop-up box, click anywhere
in the blueprint area to close the pop-up box.
1. Click between the single quotes on the image field. You will see the list of images
that have been defined in vRealize Automation and have been made available to
the Project you are working in
2. Click to select CentOS7. Note that if there were other Image Mappings available
for this project, they would also be displayed in the list.
HOL-2073-02-CMP Page 57
HOL-2073-02-CMP
Add a Constraint
Constraints allow you to specify parameters that must match a tag on a the
infrastructure (a Cloud Zone for example). The constraint is a way to force vRealize
Automation to only deploy the blueprint to infrastructure that has a matching tag.
1. Place your cursor after the totalMemoryMB: 1024 property and press the Enter
key to add a new line in your YAML that is aligned under the properties section
then type con and pause so see the auto-populate options
2. Click to select constraints: from the list
HOL-2073-02-CMP Page 58
HOL-2073-02-CMP
In our environment, we have applied the "compute:vsphere" tag to the our two compute
clusters in the vRA-Managed vSphere Compute cloud zone but not to our management
hosts or cluster. By using that constraint tag in our blueprint, we will ensure that the
virtual machine gets provisioned to our compute clusters and not to our management
cluster.
Note that you could also have typed the tag value here and if the tag had not previously
been defined in vRealize Automation, it would have been created at that point.
Be aware that YAML is whitespace sensitive, and incorrect indenting may lead to issues
with provisioning. If you do make a mistake, you should see a red exclamation appear
beside the line where the mistake has been made. Try it out now if you like by adding an
extra space before image. Resolve the error and move to the next page.
Also remember that the full YAML definition for this blueprint is available in the Lab Files
directory on the desktop of your lab console if you have any difficulties creating it
yourself
HOL-2073-02-CMP Page 59
HOL-2073-02-CMP
Add a Network
Since we will want our virtual machine to be attached to a network, we need to add a
network object to the blueprint.
1. Drag a Network object from the vSphere section onto the canvas.
2. To attach your Machine object the the network, hover over the white circle on
the left hand side of the Cloud_vSphere_Machine_1 box, and then click and drag
the circle onto the Cloud_vSphere_Network_1 box.
3. You will see the YAML definition for the network itself and for the networks section
added to your VM resource.
HOL-2073-02-CMP Page 60
HOL-2073-02-CMP
1. In the image, note that we have applied the "net:vsphere-vm" tag (as well as
some others) to the VM-RegionA01-vDS-COMP vSphere network. This is the
network we will want to attach our machine to so we will be using this tag.
2. In addition, note that for the above network, we have defined an IP range from
192.168.120.100-192.168.120.199. This range will act as a pool from which
vRealize Automation can assign static IP addresses to virtual machines using this
network
1. Use what you have learned about YAML editing to add a new entry on the
vSphere Machine object under -network to set the IP address assignment to
static
2. Use what you have learned about YAML editing to add a new constraint tag
"net:vsphere-vm" to the vSphere Network object
HOL-2073-02-CMP Page 61
HOL-2073-02-CMP
1. Once that is complete, click on the VERSION button to begin the versioning
process.
HOL-2073-02-CMP Page 62
HOL-2073-02-CMP
Now that your basic configuration has been setup, it would be a good idea to capture
the state it is in as a version 1 blueprint.
We will look at versioning in more detail later in the lesson, including how you can
identify differences between versions.
HOL-2073-02-CMP Page 63
HOL-2073-02-CMP
Close the test window once you have validated the blueprint.
HOL-2073-02-CMP Page 64
HOL-2073-02-CMP
Deployment Information
HOL-2073-02-CMP Page 65
HOL-2073-02-CMP
The deployment will take a few minutes to come up. Note that due to browser zoom and
rendering in this lab environment, you might not see the linkage between the vSphere
Machine and the vSphere network in the topology diagram. Rest assured that the
linkage is still there.
If you want to, you can open a new browser tab, log in to the vSphere Client and see the
machine being deployed there.
1. Once the deployment has successfully deployed, you will see the status change
to "Create Successful". You may need to click the refresh icon to the right of the
Actions drop-down in order to get the status to update.
2. Click on the Cloud vSphere Machine object to highlight it
3. Take a look at the information panel to the right. Your deployment should be
powered on and you can see details about the virtual machine. If you scroll down
in the information pane, there is additional information to explore.
4. Note that the machine will have an IP address assigned from the static IP pool we
saw above
HOL-2073-02-CMP Page 66
HOL-2073-02-CMP
In the information panel, you can also access a list of actions that you can take on the
virtual machine
1. Click the Actions link to see the list of available actions. Note that this list can be
modified via policies in the Service Broker module of vRealize Automation.
2. Click Connect to Remote Console
This will open a new tab in your browser with a remote console session to the deployed
virtual machine. You can log in if you want (login: root / Password: VMware1!) and run a
command like ip addr show to verify the assigned IP address.
When you are done with the console, just close the console browser tab.
HOL-2073-02-CMP Page 67
HOL-2073-02-CMP
We are now going to modify the blueprint to increase the number of deployed virtual
machines to two.
HOL-2073-02-CMP Page 68
HOL-2073-02-CMP
Test Results
1. Your blueprint test should return Successful. If it doesn't, address the issue
before proceeding.
2. Click the X to close the test window
HOL-2073-02-CMP Page 69
HOL-2073-02-CMP
HOL-2073-02-CMP Page 70
HOL-2073-02-CMP
At this stage, you will be notified of additions, changes or deletions that will occur.
1. Expand the Adds and Deletes sections to see what changes will be made to the
deployment
2. Click the DEPLOY button
HOL-2073-02-CMP Page 71
HOL-2073-02-CMP
Wait Patiently
Request History
You will see all the task list and request in progress related to your request and how long
it takes.
HOL-2073-02-CMP Page 72
HOL-2073-02-CMP
If you have a resource mapping issue, you will see the resource error on this view.
HOL-2073-02-CMP Page 73
HOL-2073-02-CMP
1. Close the provisioning diagram when you are done exploring the page
If the request failed, you should be able to see on this view which steps in your blueprint
have problems.
HOL-2073-02-CMP Page 74
HOL-2073-02-CMP
Clean Up
Once your deployment updates successfully, you can explore the details either here on
the deployment page or in the vSphere Client.
To ensure you have enough resources for future tasks in this lab, you will need to clean
up your deployment.
HOL-2073-02-CMP Page 75
HOL-2073-02-CMP
The version history for each blueprint is stored with the blueprint.
This shows the differences in the YAML between the two blueprint versions. Scroll down
and take a look at the changes that have occurred. The detailed diff is quite valuable,
but doesn't lend itself to a quick view of what has changed.
Visual Differences
Wrapping it Up
In this lesson, you learned how to configure Cloud Assembly to get it ready for
provisioning, how to navigate the blueprint canvas to create, version and deploy
blueprints.
HOL-2073-02-CMP Page 76
HOL-2073-02-CMP
Next up, we will configure all of the abstractions that are required in order to provide
cloud agnostic blueprints - blueprints that can be deployed to different public and
private clouds depending on conditions.
HOL-2073-02-CMP Page 77
HOL-2073-02-CMP
You are probably already thinking about the number of blueprints that you will need to
spawn up to make this happen. Hold that thought. A new feature in vRealize Automation
8 allows you to create a single blueprint that can be deployed to multiple endpoints,
such as your on-premise vSphere or the public cloud environments.
Before we can create the blueprint, we want to make sure that the Agnostic Constructs
are available for consumption. From the previous module (Module 1 - Foundation -
Getting Started with vRealize Automation), you have already viewed many of the
constructs; however, we want to make sure we are ready.
HOL-2073-02-CMP Page 78
HOL-2073-02-CMP
HOL-2073-02-CMP Page 79
HOL-2073-02-CMP
1. Under the Cloud Zones section, you should see multiple cloud zones (AWS,
Azure, and vRA Managed vSphere) available for the project.
2. Each Cloud Zone, should have a priority of 1 and be configured with limited
instances and unlimited memory
3. On the far right, each Cloud Zone, should have Capability Tags. As we saw in
the previous section, these tags can be used as constraints in the blueprints to
dictate where an object gets provisioned. This is an important construct that we
will use in this lesson.
4. Scroll down and select Cancel (not pictured in the screenshot).
NOTE: The next module will discuss Tags in greater detail. For now, we just want to
make sure that each Cloud Zone is configured for the project.
HOL-2073-02-CMP Page 80
HOL-2073-02-CMP
Image Mappings
HOL-2073-02-CMP Page 81
HOL-2073-02-CMP
Note that all of these mappings point to a CentOS 7 machine in the respective clouds.
New Blueprint
Let's create a new blueprint that will be cloud-agnostic (able to provision to different
cloud endpoints).
HOL-2073-02-CMP Page 82
HOL-2073-02-CMP
Blueprint Details
HOL-2073-02-CMP Page 83
HOL-2073-02-CMP
1. From the object Inventory, locate the Cloud Agnostic > Machine and drag it to
the center of the canvas.
2. If done correctly, you should see a Cloud_Machine_1 object on the screen.
3. Take a look at the YAML code for this machine.
Note: As in the previous lesson there is a file in the Lab Files folder on the desktop that
contains the YAML for this lesson. If you need help, the file is 2073-02-M2-Cloud-
Agnostic.yaml.
HOL-2073-02-CMP Page 84
HOL-2073-02-CMP
We are going to start out creating this blueprint to deploy in the local vSphere
environment and then expand the blueprint to add the ability to deploy into AWS as
well.
1. To the right of image, you will notice a set of single quotes (').
2. Click inside the quotes, and you will notice a selection of image resources
available for the blueprint. Go ahead and select CentOS7.
NOTE: While Ubuntu is available to be selected, CentOS7 is the only operating system
that has been configured in all destinations. If you select Ubuntu, you will not be able
to deploy this operating system within the on-premise vSphere location.
Let's complete the code for a simple deployment to vSphere. Using what you have
learned about editing the YAML definitions,
HOL-2073-02-CMP Page 85
HOL-2073-02-CMP
1. Click TEST to see if our blueprint has proper syntax and available placement
options
HOL-2073-02-CMP Page 86
HOL-2073-02-CMP
As a reminder, our environment is configured with tags on the various cloud zones and
compute endpoints so by changing the constraint tag on the blueprint, you are testing
whether a matching tag exists on the infrastructure.
Ensure that the constraints tag is for the AWS cloud zone then,
HOL-2073-02-CMP Page 87
HOL-2073-02-CMP
Version 1.0
HOL-2073-02-CMP Page 88
HOL-2073-02-CMP
Now that the blueprint has been tested and versioned, let's deploy a virtual machine
workload. In the lower left of the Blueprint Canvas Page, click Deploy.
1. Select Create a new deployment. This should be the default option. It will allow
you to deploy a new workload.
2. Provide a name for the deployment in the Deployment Name field. This will be
the name of the deployment container object seen in the Deployments tab when
completed.
HOL-2073-02-CMP Page 89
HOL-2073-02-CMP
3. Under the Blueprint Version, you have the option to change the version of the
active blueprint. This would allow you to try something different during blueprint
deployment.
4. Providing a Description in this field, will generate information about the
deployment in the Deployments tab when completed.
5. Click DEPLOY to create the new machine in AWS.
Deployment Details
This deployment will be much faster than your vSphere deployment in the previous
lesson. Provisioning to AWS is very fast with vRealize Automation.
1. Once the deployment completes, a Successful badge will appear in the progress
bar.
2. Click Cloud_Machine_1 object on the canvas
3. Note the deployment details with important information, such as the IP Address,
region, etc. Since this HOL environment is firewalled with very specific internet
addresses whitelisted, you will not be able to open the AWS console for this
machine.
4. Click the History tab.
HOL-2073-02-CMP Page 90
HOL-2073-02-CMP
Deployment History
During the deployment provisioning, the History tab can provide detailed progress
information.
Click Close.
Deployment Tab
You are returned to the Deployments tab where each of the Project's deployments are
displayed. For the virtual machine that we just deployed, you can observe summarized
details about the provisioning. Notice the following details:
• Deployment Name
HOL-2073-02-CMP Page 91
HOL-2073-02-CMP
When deploying a virtual workload, using the same Deployment Name may get
confusing after a couple of provisions. Maybe try replacing the Deployment Name with
a ticket number from your CMDB, or possibly the Project Name (i.e., Project Metropolis)
or Project "App Name" (i.e., Project Sharknado v4.0) used with the project.
Additionally, adding a Point of Contact (POC) or information about the workload in the
Description field may help clarify any confusion down the road.
Clean Up
1. Locate Actions along the right hand side of the Deployment Container Object
and click it.
2. In the drop down menu, click Delete to delete the deployment
Moving On ...
Yay! Pat yourself on the back! At this point, you have successfully created a Cloud
Agnostic Blueprint that can be deployed in a public Cloud, such as Amazon (AWS) and
Azure, or an on-premise vSphere environment. You also noticed that we were able to
perform these tasks with a single simple Cloud Agnostic Blueprint -- without the need of
blueprint sprawl and an individual blueprint for each of our destinations.
HOL-2073-02-CMP Page 92
HOL-2073-02-CMP
Feel free to perform this module again and redeploy the same Cloud Agnostic Blueprint
to each of the destinations, or if you would like, you can proceed onto the next lesson.
HOL-2073-02-CMP Page 93
HOL-2073-02-CMP
In this lesson, we are going to spend some more time exploring tags and discussing
some best practices around managing your tags. You will discover a new way to manage
your virtual machine metadata. Fundamentally, tags are labels that you add to vRealize
Automation Cloud Assembly items. You can create any tags that are appropriate for your
Organization and implementation. Tags function as much more than labels though,
because they control how and where vRealize Automation Cloud Assembly uses
resources and infrastructure to build deployable services. Tags also support governance
within Cloud Assembly.
Tags are a critical component that drive the placement of deployments through the
matching of capabilities and constraints so you must carefully plan and implement an
appropriate tagging strategy based on your organization's IT structure and goals to
maximize Cloud Assembly functionality and minimize potential confusion.
Tag Overload
HOL-2073-02-CMP Page 94
HOL-2073-02-CMP
In the new platform, there are tags, capability tags, constraint tags, standard tags,
project tags, project constraint tags, and custom properties. There is a bit of tag
overload going on here. Some of these tags are used in placement decisioning, some of
them propagate from higher level objects and go on to set tags on the endpoint itself,
and some of them do not. Each of the referenced tag types are defined as follows:
• Capability Tags are used in Cloud Accounts, Integrations, Cloud Zones, Network/
Storage Profiles
• Constraint Tags are used in Image Profiles, Projects and Blueprints
Capability tags placed on cloud zones, network and storage profiles, and individual
infrastructure resources define desired capabilities for deployments.
Constraint tags that cloud administrators place on projects enable them to exercise a
form of governance over those projects. These constraint tags are added to other
constraints expressed in blueprints.
HOL-2073-02-CMP Page 95
HOL-2073-02-CMP
NOTE: Tags also facilitate search and identification of storage items, network items, and
other infrastructure resources.
There are two main areas where constraint tags are applicable.
Constraints applied in both areas are merged in blueprints to form a set of deployment
requirements.
By default all constraints are hard. Hard constraints allow you to rigidly enforce
deployment restrictions. If one or more hard constraints are not met, the deployment
will fail. Soft constraints express preferences that apply if available, but they won't fail if
not met.
Synced Tags
The tags property (not to be confused with the constraint tag) allows for the addition of
tags for deployed resources in the corresponding public cloud account (AWS, Azure, etc).
• Machines
• Volumes
• Load Balancers
HOL-2073-02-CMP Page 96
HOL-2073-02-CMP
Tags are synched both ways, to and from the remote cloud account to the Cloud
Assembly Tags Management list.
External Tags are imported automatically from public cloud accounts that you
associate with a vRealize Automation 8 instance. These tags might be imported from
vSphere, AWS, Azure or other external endpoints. When imported, these tags are
available for use in the same manner as user created tags.
Network Resource Tags are written back to provisioned resources when they are created
in the cloud infrastructure and contain key/value pairs.
HOL-2073-02-CMP Page 97
HOL-2073-02-CMP
NOTE: Take care not to create tags and values in your AWS console that might be used
for placement decisions in vRealize Automation 8.
Standard Tags
Standard tags are applied to some deployments to support analysis, monitoring, and
grouping of deployed resources. These tags are used under the hood by vRealize
Automation for internal sorting and when calculating placement decisions.
Standard tags are unique within vRealize Automation. Unlike other tags, users do not
work with them during deployment configuration, and no constraints are applied.
These tags are applied automatically during provisioning on AWS, Azure, and vSphere
deployments.
Standard tags are automatically stored as system custom properties, and they are
added to deployments after provisioning.
Cloud Assembly uses a specific order and hierarchy in resolving tags to create
provisioned deployments. Understanding the basics of this process will help you to
implement tags efficiently to create predictable deployments.
• Cloud zones are filtered by several criteria, including availability and profiles;
tags in profiles for the region the zone belongs to are matched at this point.
• Zone and compute capability tags are used to filter the remaining cloud zones
by hard constraints.
• Out of the filtered zones, priority is used to select a cloud zone. If there are
several cloud zones with the same priority, they are sorted by matching soft
constraints, using a combination of the cloud zone and compute capabilities.
• After a cloud zone is selected, a host is selected by matching a series of filters,
including hard & soft constraints as expressed in blueprints.
HOL-2073-02-CMP Page 98
HOL-2073-02-CMP
If tags on the project conflict with the tags in the blueprint, the tags from the project
take precedence.
Let's Play
Now that we have covered what kind of tags exist within vRealize Automation, let's put
them to use. Before we begin, there is a pre-built blueprint that we need to import that
will help us with the demonstration.
Import Blueprint
HOL-2073-02-CMP Page 99
HOL-2073-02-CMP
Upload Wizard
Choose File
1. In navigation pane, open the Main Console --> Desktop --> Lab Files folder
2. Locate the file named 2073-02-M2-TagBlueprint.yaml and select it.
3. Click Open
Upload
Review the information and verify the wizard contains the Name and Project, as well as
the file that was just selected.
1. Locate the new Tag Blueprint and click the name to open it.
The blueprint consists of an On-Prem (vSphere) VM and a Cloud VM. The On-Prem VM is
attached to a network. This hybrid cloud blueprint is designed to create a VM in
vSphere, and a VM in the public cloud.
When reviewing the YAML code, you will notice the properties of each virtual machine
object, both the On-Prem and the Cloud VMs.
1. Take note of the tags that were assigned to both virtual machines.
2. Also review the inputs. Inputs are properties that are presented on the request
form to be selected at the time of provisioning.
The input parameters are combined with the tag and completes the entire tag name.
Notice that the tags, have been defined as hard and soft.
Be careful when you mix and match soft and ! constraints as you are letting the
deployment engine chose “loosely” placements for your resource, especially for multi-
resource blueprints.
1. Locate and click the Test button on the bottom left of the Blueprint Canvas.
Please do not deploy any virtual machines. The Test functionality will allow us to
observe the necessary settings without the need to deploy.
Blueprint Inputs
The request form for the Blueprint will require user input of a T-Shirt Size, the
Platform, and the Environment.
• Because of the limitations of resources in the lab, the VM sizes are "micro" and
"small". However, these choices will not affect the provisioning of the virtual
machines.
• The platform choice is limited to Amazon (AWS) and vSphere.
• The environment was limited to just Dev for a development instance.
Once the test has completed, you should see a successful result highlighted in green.
1. A really cool feature of the testing functionality is the ability to observe the
Provisioning Diagram. Click this link.
Request Details
The request details will display the various objects that make up the provision request.
As you can see in this example, the details start with the Network Allocation. If you
remember from the YAML code, the On-Prem VM was supposed to be configured on an
existing network using vsphere-networks. From this example, that network was
selected.
1. Locate Machine Allocation and click it. A dropdown menu will appear allowing
you to click on the details for either the onpremvm or the cloudvm.
2. Select the onpremvm.
On-Prem VM Details
Review the details of the virtual machine. Notice the constraint tags for each of the
objects. Scroll down.
Placement is decided by matching tags with the various objects. In this example, the
tags: hol.cloud.zone.env:dev, hol.cloud.zone.platform:vsphere were matched
with the request, placing this machine on the vSphere platform.
Cloud VM Details
Again, review the details of the objects that were selected for the virtual machine. Also,
take note of the constraint tags for each of the objects. Scroll down
1. The constraint tag that matched for this object was hol.cloud.zone.env:dev
and hol.cloud.zone.platform:aws. The expression in the tag forces aws to
always be selected, no matter which platform was chosen.
2. Click the CLOSE button
Now we want to try the test again but this time selecting AWS as the platform.
Provisioning Diagram
The details will again start with the Network Allocation. Feel free to review the details of
the network allocation.
On-Prem Details
Scroll up.
Cloud VM Details
Again, you notice that the cloudvm is placed in Amazon (AWS). The VM was placed in
AWS for the same reason as the first test. The expression in the tag forces AWS to
always be selected, no matter which platform was chosen. But the constraint type on
the vSphere tag allows us to successfully provision VMs between the platforms.
Summary
From here, you can clean up any provisioned virtual machines. Yes, please delete them -
- especially if you deployed anything to the public cloud.
From this lesson, you may have realized, that tags are more prevalent and more
powerful than ever in vRealize Automation 8. Tags can be used to formulate a computer
hostname, or as shown - can help determine placement of virtual machines during
deployment. Tags are driven by business needs and requirements. It is recommended to
carefully plan, map out, educate, and implement an appropriate tagging strategy based
on those needs to maximize vRealize Automation functionality.
• There is no one rule or naming convention for how and where to create tags.
• Keep them simple and descriptive.
Want to learn more about tags? Here's a few links that can help you with the subject
(each link opens in a new window):
Conclusion
In this module, you learned about how Cloud Assembly allows you to create reusable,
cloud agnostic blueprints. You looked at the back end configuration of storage,
networks, images and flavors to support this, and got stuck into blueprints - learning
about using tags and constraints, versioning and iteration. Well done on completing the
module!
You can page forward to the next module or select one of the links below to jump to the
module of your choice.
Or, if you would like to end the lab, see the next page.
1. To end your lab click on the END button at the top of your lab console
Module 3 - Integration
with GitHub, NSX-T On-
Demand Networking and
Infoblox (45 minutes)
Introduction
This Module will focus on configuring Cloud Assembly with a GitHub repository, syncing
GitHub to make available a blueprint, and deploying a blueprint that demonstrates
integration between Cloud Assembly and NSX-T.
• Introduction
• Overview of GitHub Integration and configuration in Cloud Assembly
• Synchronize GitHub sourced blueprint to Cloud Assembly
• Overview of vRealize Automation 8 and NSX-T On-Demand-Network Integration
• Review and Deploy in Cloud Assembly with NSX-T On-Demand Networking
• Validate and test CentOS deployments with NSX-T On-Demand Networking
• Infoblox Overview
• Configure IPAM Infoblox Plugin
• Review Infoblox Prerequisites and Configure Cloud Assembly Network Profile
• Deploy Infoblox CentOS VM
• Conclusion
When Git integration is configured with an existing repository, all blueprints associated
with selected projects become available to qualified users. You can use these blueprints
with an existing deployment or as the basis of a new deployment. When you add a
project, you must select some properties regarding where and how it is stored in Git.
You can save actions to a Git repository directly from vRealize Automation Cloud
Assembly. You can version action scripts either directly to Git, or you can create versions
in vRealize Automation Cloud Assembly. If you create a version of an action in vRealize
Automation Cloud Assembly, then it is automatically saved to Git as a version.
Blueprints are a bit more complicated, because you cannot directly add them to a Git
integration from vRealize Automation Cloud Assembly. You must commit them outside of
vRealize Automation to a Git repository, and then you can retrieve them from Git when
working with the blueprint management page in vRealize Automation Cloud Assembly.
You must create and save your blueprints in a specific structure in order for them to be
detected by GitHub.
Configure and store Blueprints to be integrated with GitHub correctly. Only valid
blueprints are imported into GitHub.
The following guidelines must be observed for all blueprints used with GitHub
integration.
• Only valid blueprint are imported and Cloud Assembly may prompt for blueprint
corrections in the event of an error (such as format or incorrect syntax).
• In making changes to a blueprint in GitHub repository - version control
incremented number is reflected in Cloud Assembly Blueprints.
For a high level review, let's explore an example blueprint within a GitHub repository
and Cloud Assembly
The initial setup of GitHub integration for a project in Cloud Assembly syncs the target
blueprint.
Summary
This section reviewed sourcing a Cloud Assembly Blueprint from GitHub and what each
component represents. In the other sections, more detail and actual hands on task will
illustrate the steps necessary to integrate vRA 8 and GitHub.
If you are jumping into this module after just starting the lab or if you closed your
browser after taking previous modules, you will need to open the Chrome browser, click
the vRealize Automation bookmark in the bookmark bar and then log in to vRealize
Automation with the cached credentials.
1. (If you have not already done so), Click on Cloud Assembly.
Note that the two existing blueprints are not stored in an external Git repository. They
were created in vRealize Automation directly and are only stored in vRealize
Automation's database.
As you prepare to integrate GitHub and Cloud Assembly, a key component is the Cloud
Assembly Project that ties together the integration.
1. Click Infrastructure
2. Click Projects
A Cloud Assembly Project links users, cloud zones and and blueprints. Amongst other
things, it also allows a project to be associated so as to sync blueprints from external Git
repositories. You will see this Project referenced in later configuration steps.
1. This is a point in reference only as you proceed to the GitHub integration in the
next step. In taking note of this On-Demand-Network Project, you will configure
the synchronization process for GitHub integration with this project.
1. Click Integrations
2. Click ADD INTEGRATION
1. Click GitHub
1. Click OPEN
1. Click Projects
Add Project
Select On-Demand-Network
This step interconnects the Cloud Assembly Project to the GitHub Integration
1. Select On-Demand-Network
2. Click NEXT
1. Click on the arrow to view expanded details and the sync process for the GitHub
integration
Navigate to Blueprints
1. Click Blueprints
Summary
1. The first persona (ADMINISTRATOR) highlights the roles and tasks for creating
the underlying infrastructure interconnecting through Infrastructure as Code
(Blueprint).
2. The second persona (CONSUMER) highlights the role in requesting the blueprint;
therein, consuming On-Demand-Networking through Cloud Assembly NETWORK
PROFILES.
1. In a Cloud Assembly Blueprint, integrating with NSX-T networking, you have five
options for networkType. In this overview, you see routed highlighted and used
to create on-demand networking declared int the blueprint.
2. This diagram illustrates how with NSX-T on-demand networking, NSX-T creates a
logical switch Tier1 Gateway that connects the provisioned VM.
1. Network Profiles define a group of networks and network settings that are
available for a cloud account in a particular region or data center in vRealize
Automation Cloud Assembly.
2. Network Policies define settings for (in this case routed) network types.
3. Configured example for on-demand network settings (you will review these
details in the next section).
In the next section, you will deploy two CentOS virtual Machines with on-demand
networking. This diagram outlines the constructs that illustrate on-demand networking.
In future sections, you will review vCenter virtual machines and NSX-T on-demand
constructs that highlights the information below.
To assist in understanding this process, review the two subnets shown on the next page
below for more detail.
Summary
In this section, we completed an overview of the Cloud Assembly and NSX-T constructs
that demonstrate On-Demand-Networking. Next, you will configure these constructs
and deploy two CentOS demonstrating On-Demand-Networks followed by a review in
vCenter and NSX-T.
1. Variables are defined with inputs: in naming the virtual machine and NSX-T On-
Demand Network. There are two inputs defined name: and network-name:
2. The name: input configures a customized hostname for the virtual machine. It
is defined as a string with a default value of hol-centos and has a minLength
of 1 and maxLength of 10.
3. The network-name: input configures a customized network name for the On-
Demand-Network created in NSX-T. It is defined as a string with a default value
of hol-od and has a minLength of 1 and maxLength of 10.
4. The resources defines the type of constructs to add for the blueprint code.
5. This lab consists of a resource Cloud.vSphere.Machine with properties of
image: CentOS7, flavor: micro, input variable for name, CentOS
customization spec: CentOS and a network configured assignment: static.
In other words, this blueprint deploys in vSphere, micro sized, CentOS7 template
**You may ask where does the virtual machine name and network-name get the two
digit random number as part of the naming process? See the next page for
details.
This screen capture shows that within the Cloud Assembly Project: On-Demand-
Network, there is a Custom Naming template ${resource.name}-${##} that
interconnects the name: variable and as a result control dynamically the hostname of
the virtual machine and on-demand routed NSX-T network.
This is a for reference only - do not follow these steps as they have already
been done in the Project configuration for you
Next, you will close out the blueprint and review Cloud Assembly Network Profiles and
Network Policies
1. Click CLOSE
Before deploying any virtual machines, you will review a key configuration in Cloud
Assembly: Network Profiles for NSX-T On-Demand Networking. A vRealize Automation
Cloud Assembly network profile describes the behavior of the deployed network. Here
you will focus on the use of Network Policies when creating on-demand networks. You
will review a Network Profile / Network Policies for the details with NSX-T On-Demand
Networking
1. Click Infrastructure
2. Click Network Profiles
3. Click OPEN for the details on Network Profile vsphere-networks
In create an on-demand network, you would configure the following (for ease of
convenience, all inputs are populated) - please do not adjust or reconfigure
1. In the on-demand network, you see the referenced CIDR block of 192.168.150/
24, which is then isolated ( or subnetted) with a /28. This equates to 4 subnets
with 14 hosts per isolated network (or subnet).
2. As you provision a CentOS virtual machine, the on-demand network starts using
the subnet addr 192.168.150.0 with a IP range of 192.168.150.1 to
192.168.150.14. The second CentOS virtual machine provisioned will use
subnet addr 192.168.150.16 with an IP range of 192.168.150.17 to
192.168.150.30.
Why is this important? Because as you provision the two CentOS virtual machines -
the first virtual machine will be assigned an IP address of 192.168.150.2 and the
second virtual machine will be assigned an IP address of 192.168.150.17. With the
on-demand networking, you will see NSX-T assign the first on-demand network default
gateway (Tier 1) IP address 192.168.150.1 and the second on-demand network default
gateway (Tier1) IP address of 192.168.150.17.
1. Click Blueprints
2. Select the box for CentOS-On-Demand-Network
3. Click DEPLOY
4. Click NEXT
Deployment Inputs
1. Hostname: hol-centos
2. network-name: hol-od
3. Click DEPLOY
Deployment Information
This view provides Topology, History and Monitoring on the deployment. In this lab, you
will proceed and deploy a second CentOS virtual machine while the first machine is
being provisioned.
1. Click CLOSE
Select Blueprints
You will see the provisioning process of the first CentOS deployment; however, you will
repeat the process for a second CentOS deploy.
1. Click Blueprints
Deployment Inputs
1. Hostname: hol-centos
2. network-name: hol-od
3. Click DEPLOY
4. Click CLOSE (Not Shown)
Be patient while the two virtual machines are deployed. The end result of the two
provided CentOS virtual machines with On-Demand Networking consists of the
following:
Summary
In this section, you reviewed Cloud Assembly Network Profiles / Network Policies that
define NSX-T On-Demand Networking. Next, you deployed two separate CentOS virtual
machines with On-Demand Networking. In the next section, we'll validate the two
separate CentOS virtual machines each within their respective networks that route
traffic to each other.
1. Note, your deployments hostname might look different, ie in this guide two
virtual machines have hostnames hol-centos-xx and hol-centos-yy.
2. Click + to open a new Chrome Tab
vSphere Client
Login to vCenter
This logical network is the result of the on-demand network integration with NSX-T.
(note, your virtual machine hostname and network-name will appear different)
You will see two web consoles for the two deployed virtual machines. You will review and
validate routed network traffic between these two virtual machines.
1. Click into the console for the first machine (the one with the lowest suffix
number)
For clarity, this is an enlarged screen capture, steps are shown below
1. login: root
2. Password: VMware1!
3. Type ip a (press return) this out shows the assigned static IP address of the
virtual machine from Cloud Assembly.
4. Note the IP address of this machine is 192.168.150.2
5. Type ping 192.168.150.18 -c 4 (press return) this output shows a successful routed
network ping request to 192.168.150.18.
6. Type tracepath 192.168.150.18 (press return) this output shows a route path from
192.168.150.2 to 192.168.150.18.
Details on tracepath
**If presented with "Your connection is not private" Click Advanced and Click
Proceed to nsx-mgr.local (unsafe)
1. Type admin
2. Type VMware1!VMware1!
3. Click LOG IN
1. In NSX-T, you see there are two Logical Switches created as part of on-demand
networking. these are hol-od-xx and hol-od-yy.
1. Click Routers
2. Logical Routers (Tier-1) hol-od-xx and hol-od-yy as part of on-demand
networking.
1. You will see the Logical Router, Type, IP Address/mask and Connected To
details.
1. Click in the Chrome browser tabs Cloud Assembly (if you are logged out, click
Cloud Assembly to log back in).
2. Review the two deployments information before proceeding to the next step.
Destroy Deployments
1. Select ACTIONS
2. Select Delete
1. Click SUBMIT
2. REPEAT the same steps for On Demand Network 01 CentOS
1. You might need to click the refresh option to see both deployments as
destroyed
1. Click vSphere - Compute Cluster A (if you are logged out of vSphere,
Check the box Use Windows session Authentication)
2. You will see the virtual machines no longer exist in the cluster
3. Click Networking
1. You will see Logical Switches that were created no longer exit
2. Click X to close out the NSX Browser Tab
Summary
In this section, you deployed two virtual machines with on-demand networking. Next,
you reviewed and validated network connectivity between the separate on-demand
networks. Last, you destroyed the deployments in Cloud Assembly and validated the
virtual machines, Logical Switches and Logical Routers were destroyed.
Infoblox Overview
Introduction
1. (if needed) Launch chrome browser and click on the vRealize Automation
bookmark
Adding Integration
Import Provider
New Integration
Validate
Untrusted Certificate
1. Click Infrastructure
2. Click Integrations
3. Validate that Github and infoblox integrations exist. You created these
integrations in previous steps in this module.
Validate Blueprints
1. Click on Blueprints
2. Validate that you have a CentOS-infoblox Blueprint. You can see the GitHub
icon is listed as the Source Control. This is because it is being synchronized by
the GitHub integration.
Infoblox
Logging in to Infoblox
Infoblox DNS
The intent on validating corp.local is vRA 8 and Infoblox integration creates an A DNS
Resource Record in the forward and reverse DNS lookup zone. This is a prerequisite for
the integration between vRA 8 and Infoblox.
Another prerequisite for the vRA 8 and Infoblox integration is configuration of Extensible
Attributes.
Infoblox IPAM
Details on IPAM
This illustrates the different configuration options within Infoblox for static IP Assignment
with vRA 8.
1. This is a Reserved Range and will not be used as part of the static IP
Assignment integration with vRA 8 and Infoblox. This ensures 192.168.130.1 -
192.168.130.10 IPs are not assigned to a provisioned VM.
2. This is a DHCP Range and will not be used as part of the static IP Assignment
integration with vRA 8 and Infoblox. This ensures 192.168.130.200 -
192.168.130.219 IPs are not assigned to a provisioned VM.
3. The Unused IPs are used for static IP Assignment integration with vRA 8 and
Infoblox. This ensures 192.168.130.11 - 199 and 192.168.130.220 -
192.168.130.254 are available for static IP Assignment.
1. Click Infrastructure
2. Click Network Profiles
Configure Networks
1. Click ADD
1. Click SAVE
Navigate to Blueprints
Select CentOS-infoblox
Deployment Type
1. Type Infoblox-deploy-01
2. Select dropdown for Current Draft
3. Click NEXT
Deployment Inputs
Navigate to vCenter
Validate vCenter VM
Validate Infoblox
1. Click corp.local
Validate Infoblox IP
1. Review deployed Virtual Machine hol-lb-64 (the vm number may be different) for
IP address and that it matches what Infoblox displays. In this example,
192.168.130.11 matches Infoblox.
Review Extensibility
Reviewing Extensibility shows the executed ABX actions and log output.
1. Click Extensibility
2. Click Action Runs
Review Infoblox_AllocateIP
The Infoblox_AllocateIP is the python ABX action that requests and assigns the IP to the
provisioned Virtual Machine.
1. Click Infoblox_AllocateIP
Details Infoblox_AllocateIP
1. Select Log
Navigate to Deployments
1. Select Deployments
2. Select ACTIONS
3. Select Delete
4. Click SUBMIT (Not Shown)
Navigate to Infoblox
1. Review the previous Host Resource Record has been removed now
2. Click the refresh button to refresh the screen.
Return to vCenter
Conclusion
In this module, you had the opportunity to review and configure a GitHub Integration for
synced blueprints. In addition, you configured vRealize Automation 8, NSX-T for On-
Demand Networking and Infoblox integration.
You can page forward to the next module or select one of the links below to jump to the
module of your choice.
Or, if you would like to end the lab, see the next page.
You may proceed to another module but if you are done with this lab:
Module 4 - vRealize
Automation Extensibility
Basics (45 minutes)
Introduction to Extensibility
This module will focus on the extensibility features available in vRealize Automation. We
will explore concepts such as action-based extensibility (ABX) actions, event
subscriptions, and vRealize Orchestrator integration.
It is not necessary to complete any of the previous modules prior to performing the
exercises in this module.
What is Extensibility?
The Event Broker Service (EBS) monitors the vRealize Automation Message Queue for
events, each of which can drive extensibility actions.
These drivers, or subscriptions, are each defined to monitor for a specific event topic.
When the event occurs, the subscription is triggered, initiating either an action-based
extensibility (ABX) action or a vRealize Orchestrator workflow to run. The diagram above
shows two of the most commonly used event topics in vRealize Automation Cloud
Assembly subscriptions: The Compute Provision (Pre) and Compute Provision Post event
topics, which respectively occur prior to and after each cloud resource is provisioned. All
topics can be used to add or update custom properties or tags of the resource.
For a comprehensive list of event topics, see Event topics provided with vRealize
Automation Cloud Assembly.
Subscriptions can be specified as blocking events, which would allow an external system
to take action before the vRealize Automation request or event can continue.
Subscriptions can also be defined as being project-specific, meaning they are linked to
blueprint and deployments through the specified project.
We can view system events in the extensibility event log, workflow runs in the workflow
runs window, and action runs in the action run window, all within Cloud Assembly.
Extensibility Options
Extensibility Actions
Learn More
To learn more, outside of this Hands On Lab visit How to extend and automate
application life cycles with extensibility.
We can create these extensibility action scripts within Cloud Assembly and assign them
to subscriptions. Similar to vRealize Orchestrator workflows, an extensibility action script
is triggered when an event occurs that has been defined in an extensibility subscription.
Extensibility action scripts are used for more lightweight and simple automation of tasks
and steps than you would perform in Orchestrator workflows.
1. Double-click the Google Chrome shortcut on the desktop if not already open
(not shown)
2. Click the vRealize Automation bookmark
2. Click Sign in
1. Navigate to Extensibility
2. Under Library, click Actions
3. Click + NEW ACTION
1. In the right-hand panel, under Inputs, replace the newTags input value with the
following:
{"function":"app","environment":"dev"}
Let's test our new action to see how its output will look
Summary
Let's look at creating a compute provisioning subscription, which invokes the action-
based extensibility (ABX) action we just created in the previous exercise.
We want the action to run prior to the cloud resource being provisioned, so the compute
provision event topic is the appropriate choice:
If an event topic is blockable, marking a subscription as blocking will block any other
subscriptions from being triggered for this same event topic and condition, until this
action has finished running.
Tip: If we wanted to limit the scope of our subscription to 1 or more projects, we would
disable Any project and specify the project(s) here.
Create a Blueprint
1. Navigate to Blueprints
2. Click + NEW
1. In the Code section of the right-hand pane, set the machine resource's image
property to 'CentOS7'
There is no need to wait for the deployment to complete, since the build may take a few
minutes.
Let's check the extensibility event log for our compute provision event:
1. Under Notified Subscriptions at the bottom of the page, find and click the Add
VM Tags action subscription run
2. If the Add VM Tags subscription run is not yet present, click REFRESH every 30
seconds or so until it appears
1. Confirm that the action subscription run shows a status of Completed, or wait a
few minutes until it does (the screen should refresh automatically)
2. In the Details tab, scroll and find the Outputs JSON value, showing the function
and environment tags
If there was an issue with our action subscription run, we would be able to obtain some
troubleshooting information given the information on this screen.
Navigate back to the deployment details screen and view the tags:
1. Navigate and fully expanded Hosts and Clusters menu if not done
automatically
2. Find and click the machine resource we just deployed
3. In the machine summary in the right-hand pane, scroll down to find the Tags
section
4. Confirm that the machine has been tagged with environment:dev and
function:app here as well
Lab Housekeeping
Before you continue further with this lab, please destroy any virtual machines that were
provisioned.
Summary
This time we'll look at creating a compute provisioning post subscription that invokes a
vRealize Orchestrator workflow after the cloud resource has been deployed.
Some files that will be used in the following exercise are stored in an online repository.
These files must be copied over to the local repository on the Main Console server.
**If you have not already updated the local repository since you started this
lab, proceed to the next page. If you have already updated the files, click here to skip
ahead.
1. Double-click the GitHub Desktop icon on the desktop of your lab environment
desktop, or click the GitHub Desktop icon in the taskbar of your lab
environment desktop
Synchronize the repository on the local machine with the online repository if necessary:
1. If an option appears to pull commits from the origin remote, click Pull origin
Note: This option is not always available. If that's the case, simply proceed to the next
step.
Now the files have been synchronized to the local repository. We can now:
1. View and edit text files in the repository directly in the Microsoft Visual Studio
Code editor; or
2. Access the files in Windows Explorer
Our files will still be accessible in the Lab Files folder on the desktop of the Main Console
computer or from Microsoft Visual Studio Code.
Before we begin creating a compute provisioning post subscription, let's look at the
workflow we will be leveraging.
One of your integration engineers has built a workflow that will allow users to change
the root password of the machine they request through vRealize Automation.
1. Click the Schema tab to see the workflow elements. Feel free to look at other
parts of the workflow but don't change anything
2. Once you've reviewed the workflow, click CLOSE
We want the action to run after the cloud resource is provisioned, so the compute post
provision event topic is the appropriate choice:
Set Condition
Let's add a condition so that this subscription will only run when the request contains a
custom property "newPassword":
1. For Runnable type, clikck to expand the list and select VRO WORKFLOW
2. Search for change root
3. Select the Change root password workflow (remember, this is the name of the
workflow that we just looked at in Orchestrator)
4. Click SELECT
Upload a Blueprint
There is a blueprint in the Lab Files directory that we will import for this part of the
lesson.
1. Navigate to Blueprints
2. Click UPLOAD
1. Click UPLOAD
1. Note the last line of the blueprint includes a custom property called
newPassword
This property is the trigger that will ultimately cause our Orchestrator workflow to run. If
you remember when we created the post provision subscription, we set the condition:
event.data.customProperties.newPassword != null
This blueprint contains a value for that custom property (it will prompt the user via the
$(input.rootPassword) code and will place the resulting value in the newPassword
custom property. Therefore, that property will not be null and the subscription will
trigger to call the Orchestrator workflow at the end of the provisioning process for this
blueprint.
Because of that last line in the blueprint, you are prompted to input a value that will be
stored in the variable that will be passed to the Orchestrator workflow after the machine
has been provisioned
Note that the root password for the VM template (image) that this blueprint deploys is
VMware1!. The post provision subscription that we created will change the root
password on the machine after it deploys to whatever we enter in this form.
There is no need to wait for the deployment to complete, since the build may take a few
minutes.
Let's check the extensibility event log for our compute post provision event:
5. If the event is not yet present, click the refresh arrow every 30 seconds or so
6. Once the Compute post provision event appears, click on its event ID to see
the event details
It may be a few minutes before the compute post provision event appears, because it
occurs after the machine resource is provisioned.
1. Review the event details, and notice the deployment ID is shown as part of the
Correlation ID
2. Under Notified Subscriptions at the bottom of the page, find and click the
Change root password workflow subscription run
3. If the Change root password subscription run is not yet present, click
REFRESH every 30 seconds or so until it appears
1. Confirm that the workflow subscription run shows a status of Completed, or wait
a few minutes until it does (the screen should refresh automatically)
2. In the Details tab, observe that the inputted password is given under Inputs >
inputProperties > customProperties > newPassword
3. In the right-hand pane, any available logs for the Orchestrator workflow run
would appear here
4. For the next step, take note of the machine resource name under Inputs >
inputProperties > resourceNames
If there was an issue with our workflow subscription run, we would be able to obtain
some troubleshooting information given the information on this screen.
As a final confirmation of your work, let's test out the password via the vSphere Web
Console.
1. Navigate and fully expand the Hosts and Clusters menu if not done
automatically
2. Find and select the machine resource we just deployed
3. In the machine summary in the right-hand pane, click Launch Web Console
4. In the Launch Console dialog box, select Web Console and click OK (not
shown)
This will launch a console to log into the machine in a new tab.
Attempt to Login
Validate Login
Lab Housekeeping
Before you continue further with this lab, please destroy any virtual machines that were
provisioned.
Summary
We have just demonstrated how to create a compute post provision subscription using a
vRealize Orchestrator workflow.
Conclusion
In this module, you learned about how vRealize Automation Cloud Assembly
extensibility allows us to extend application life cycles. You were able to create action-
based extensibility (ABX) actions, and add subscriptions to invoke extensibility actions
and vRealize Orchestrator workflows to perform custom automation and integration.
You can page forward to the next module or select one of the links below to jump to the
module of your choice:
Or, if you would like to end the lab, see the next page.
1. To end your lab click on the END button at the top of your lab console
Module 5 - Managing
Content in Service Broker
(45 minutes)
As a user, you can request and monitor the provisioning process in Service Broker.
Here, you can also manage the deployed catalog items and perform day-2 operations
throughout the deployment lifecycle.
In this module, we will demonstrate how to import Cloud Assembly blueprints and
CloudFormation templates, assign them to projects, attach governance policies in
accordance with business requirements, and configure custom forms.
Learn More
1. Double-click the Google Chrome shortcut on the desktop if not already open
(not shown)
2. Click the vRealize Automation bookmark
2. Click Sign in
In the Cloud Services Console, we see the services to which we are entitled in this
organization.
Ready to Go
With that, we are logged into Service Broker and ready to start configuring our
environment.
There is a shortcut on the desktop that you will use to execute the script.
1. Click the bottom-right corner of the desktop next to the clock to minimize all
windows and show the desktop
The lab must be in a Ready state in order for the script to work. The cloud accounts
cannot be configured until vRealize Automation is fully up and running. The way for you
to know that it is ready, is to check the status of the lab environment on the desktop.
If you see anything other than Lab Status Ready on the desktop, do not proceed with
the following steps until the status changes to Ready.
Once you have verified that the lab status is Ready, Double-click the icon on the
desktop titled Configure Cloud Accounts to launch the script in a command prompt
window.
Hopefully your command prompt window will show that credentials were found and that
the public cloud related objects were created in vRealize Automation. If so, press any
key on your keyboard to close the window and then proceed with the lab.
There are a limited number of cloud accounts available for use with this Hands on Lab.
Depending on how many other people are taking the lab at the same time as you, there
may not be any credentials available now. If this is the case you will see output in the
command prompt window informing you that everything was successfully created. You
can still proceed with the lab but know neither the AWS nor the Azure public cloud
accounts will be available. If that happens, you can wait and try running the script again
later or stop the lab and re-launch it later.
In this section, we will take a look at how we would add content sources from
CloudFormation templates, Cloud Assembly blueprints, and vRealize Orchestrator
workflows.
Some files that will be used in the following exercise are stored in an online repository.
These files must be copied over to the local repository on the Main Console server.
**If you have not already updated the local repository since you started this
lab, proceed to the next page. If you have already updated the files, click here to skip
ahead.
1. Double-click the GitHub Desktop icon on the desktop of your lab environment
desktop, or click the GitHub Desktop icon in the taskbar of your lab
environment desktop
Synchronize the repository on the local machine with the online repository if necessary:
1. If an option appears to pull commits from the origin remote, click Pull origin
Note: This option is not always available. If that's the case, simply proceed to the next
step.
Now the files have been synchronized to the local repository. We can now:
1. View and edit text files in the repository directly in the Microsoft Visual Studio
Code editor; or
2. Access the files in Windows Explorer
Our files will still be accessible in the Lab Files folder on the desktop of the Main
Console computer or from Microsoft Visual Studio Code.
The first content source we are going to add is an S3 bucket hosting some
CloudFormation Templates.
We are automatically directed back to the Content Sources screen, where we see our
new trading CloudFormation Templates content source.
1. Note that the import process will initially show 0 items imported
2. Click the refresh arrow
Once we have refreshed the screen, we note that only 11/15 items imported. Thus, 4
items failed to import.
The pop-up will display the error messages detailing why the remaining 4 items could
not be imported. This allows us to perform some validation when importing, to make
sure that we don't publish anything to the catalog that would not work.
1. Once finished reviewing the errors, click X to close the error details window
Before we can request new content in the catalog, we need to share the content to the
project.
Now we can visit the catalog and request one of the CloudFormation Templates!
Submit a Request
All the fields presented in the request form are exposed by the CloudFormation Template
as inputs, and need to be completed in order to submit the request.
Once we submit the request, we are navigated to the Deployments tab, where we can
watch the progress of our ctf1 deployment. The provisioning may take a few minutes to
complete.
1. Once the deployment has completed, copy (CTRL+C) the website URL to the
clipboard
2. Open a new browser tab
1. Paste (CTRL+V) the website URL, and hit the ENTER key
Lab Housekeeping
Once you are happy with the state of the deployment, we should delete our cft1
deployment:
Create a Blueprint
1. Navigate to Blueprints
2. Click UPLOAD
While the Release this version to the catalog option is a shorter way to accomplish
what we will be doing in our lab, we want to learn how to do this manually as part of this
exercise.
The versioned blueprint must be released before it can be published in Service Broker.
Let's release it.
Before we can request new content in the catalog, we need to share the content to the
project.
Before we go to the Service Catalog to deploy our catalog item, let's create a 10-day
lease policy.
We have created a 10-day lease policy with a 1-day grace period for our module 5
blueprint. That means that a module 5 deployment can be initially active for up to 10
days before the lease expires, and then there is a grace period of 1 day before the
machine is destroyed. For our purposes, we have left all other settings as default. A brief
word on these settings:
Scope allows you to set a lease either for a specific project or for the overall
organization. Organization level policies are processed before project level policies.
Enforcement type allows you to set a hard policy or a soft policy. Hard policies are
processed before soft policies.
For more information, see How do I configure vRealize Automation Service Broker
deployment leases using policies.
Now it's time to request a machine for the cloud assembly blueprint we relased.
We want to verify the lease policy is applied once it is provisioned, but it might take
several minutes to complete, so let's move on to the next exercise for now.
Now that we have successfully imported and provisioned Cloud Automation blueprints,
let's do the same with vRealize Orchestrator workflows.
We will demonstrate how to add an Orchestrator workflow to the Service Broker catalog
using a library workflow, Create directory in guest.
Now let's create another content source for our Orchestrator content:
1. In the Search workflows field, type create dir and hit ENTER
2. Select the checkbox for workflow Create directory in guest
3. Click ADD
1. Back in the New Content Source screen, click CREATE & IMPORT
Before we can request new content in the catalog, we need to share the content to the
project.
2. Wait until the workflow has completed, which has occurred once the deployment
displays 1 Resource
As a final confirmation that the mod52 vRealize Orchestrator request ran successfully,
let's confirm the new folder was created via the vSphere Web Console.
1. Navigate and fully expand the Hosts and Clusters menu if not done
automatically
2. Find and select app-01a
3. In the machine summary in the right-hand pane, click Launch Web Console
4. In the Launch Console dialog box, select Web Console and click OK (not
shown)
This will launch a console to log into the machine in a new tab.
1. Entering cd /usr/mod5
Let's check on the mod5 virtual machine that was provisioned in the earlier exercise:
Lab Housekeeping
Before you continue further with this lab, please destroy any virtual machines that were
provisioned.
Summary
We have just demonstrated how to add content to the Service Broker catalog from
CloudFormation templates, Cloud Assembly blueprints, and vRealize Orchestrator
workflows.
When customizing the request form, we can also design the input parameters that allow
the user requesting a catalog item to provide the values, as well as customize how the
custom options are presented in the form.
Let's restrict the length and set of characters that can be entered for the hostname
field:
The custom form won't be displayed to the end user until it is activated.
Now we will test out our custom form from the service catalog.
1. Click Catalog
2. Find the module 5 catalog item tile and click REQUEST
Note that the error message notifies us that the entry violates the minimum length for
the field.
Note that the error message notifies us that the entry violates the maximum length for
the field.
Note that the error message notifies us that the entry is invalid, and we see the
validation error message, Alphanumeric characters only, that we provided for the
regular expression constraint.
There is no need to wait for the deployment to complete, since the build may take a few
minutes.
Now let's enhance our form once more with a dropdown populated via an external
source, a vRealize Orchestrator action.
One of your integration engineers has built an action that will provide a list of cost
centers.
2. Click Content
3. For module 5, and click its vertical ellipses button
4. Click Customize form (not shown)
Let's update the Cost Center field to use our vRealize Orchestrator action:
1. In the Values tab, click the caret icon next to Value options
2. Set Value source to External source
3. Under Select action, start typing the name of our action, getCost and wait for
the list to populate
4. When the getCostCenters action appears in the search results, select it
5. At the bottom-left of page, click SAVE (not shown) to save the changes to the
custom form
Now we will test out the latest changes to our custom form from the service catalog.
1. Click Catalog
2. Find the module 5 catalog item tile and click REQUEST
This is a great way to dynamically retrieve data values from a single source of truth.
Summary
We have just demonstrated various ways you can design a custom form to enhance the
end-user experience.
For more information, visit the following product documentation at Learn more about
vRealize Automation Service Broker custom forms.
Conclusion
In this module, we looked at how to import existing content into Service Broker. We
created content sources for CloudFormation templates, Cloud Assembly blueprints, and
vRealize Orchestrator workflows. We also configured custom forms to enhance the end-
user experience.
You can page forward to the next module or select one of the links below to jump to the
module of your choice.
Or, if you would like to end the lab, see the next page.
You can continue on to additional lessons in the lab. However, if you want to end the
lab:
1. To end your lab click on the END button at the top of your lab console
Module 6 - Integrating
Development Tools into
Code Stream Pipelines
(30 minutes)
Introduction
VMware Code Stream provides continuous integration and continuous delivery (CI/CD)
software that enables you to deliver software rapidly and reliably, with little overhead.
VMware Code Stream supports deploying monolithic legacy applications, as well as
Docker and Kubernetes containers running on multiple clouds. VMware Code Stream
simplifies the ability to build, test, deploy your applications, and increases your
productivity as you release source code from the development repository, through
testing, to production. VMware Code Stream supports custom applications, commercial
applications, and objects such as blueprints.
With VMware Code Stream, you create pipelines that automate your entire DevOps
lifecycle while using existing development tools such as Git and Jenkins.
In this lab you will learn how to integrate Code Stream with a number of native
endpoints to deliver a robust release process.
perception that IT is "too slow." However, the initial efforts have proven to be costly and
complex, and Rainpole Systems is looking for a more comprehensive approach to
application modernization.
Rainpole Systems has made the decision to use vRealize Code Stream as part of a larger
process to build application release pipelines combining infrastructure operations and
developer tools, in order to bridge the gap between the teams and allow them to
combine efforts in modernizing their applications. For a target application, the Rainpole
teams have chosen RPWeb - a monolithic application used by company employees to
keep up with company news and events, access and understand their benefits, and
more. This application is an important part of the employee experience, however it has
languished over the past several years and is in need of an upgrade.
In this lab exercise, you will build a Code Stream pipeline to start the process of building
an end to end release process to test the RPWeb application. This pipeline will
represent the first steps of Rainpole's infrastructure operations and developers
beginning to work more closely together.
Username: holadmin
Password: VMware1!
On first login, the Guided Setup diagram will be displayed. This diagram can help to
walk you through configuring Code Stream, creating and running pipelines, and viewing
dashboards covering specific use cases. This lab exercise will not use this diagram, so it
can be dismissed.
1. Click Continue to close the Guided Setup diagram (note that this diagram can be
accessed at a later time if desired.)
Closing the Guided Setup Diagram will move the Guided Setup process to a sidebar on
the right. This sidebar allows you to go through specific steps of the Guided Setup
process individually. We will close this sidebar as well in order to provide enough screen
space for this lab.
The Code Stream interface includes multiple sections. We will not explore all of them in
detail in this lab, but the list includes:
• Dashboards
• Executions
• User Operations
• Pipelines
• Custom Integrations
• Configure
• Triggers
View Projects
Several projects have already been defined in vRealize Automation for this exercise,
along with exercises in other modules in this lab.
1. Note the Rainpole Project listing. This is the project that Rainpole Systems
developer and operations teams will use for this pipeline.
2. Click Endpoints to continue.
Configuring endpoints allows Code Stream to integrate with additional solutions outside
of vRealize Automation.
1. Note the Jenkins endpoint. We will be using this endpoint in a task in a Code
Stream pipeline later in this module.
2. Click +NEW ENDPOINT to open the New Endpoint screen.
In addition to the endpoints already configured for this lab, Code Stream allows for
several endpoint options.
1. Click the select box next to Type to expand the list and view all available
endpoint types.
2. Click Cancel to exit this page.
Next, we will create our first pipeline for the Rainpole Web application.
Pipelines can be created from scratch, or via the use of Smart Templates for common
pipeline types.
With the pipeline name and assigned to a project, the pipeline design canvas will open.
1. New Pipelines are Disabled by default. You can disable and enable pipelines to
make them available for execution.
2. Code Stream uses Stages to determine how you want to configure your pipeline
to execute.
3. There are 4 tabs at the top categorizing the data that you can use in this pipeline.
We will not be exploring these additional tabs in this limited lab.
4. Click +Stage in the design canvas to create a new stage.
Code Stream pipelines consist of one or more stages, and each stage consists of one or
more tasks. In this exercise we will only be creating a single-stage pipeline.
By default, stages are named "Stage#", starting at Stage0. But these names can be
changed.
1. Click on Stage name in the details tab and enter Test to rename the stage.
2. Click on +Sequential Task to create a new task.
1. Note the change to task options in the design canvas when the first task is
created. Code Stream tasks can run in sequence or in parallel.
2. Click on the text box next to Task name and enter rpweb Deploy to rename the
task.
3. Click on the Type select box and select Blueprint.
1. Note the execution options for this task. Failure will cause the pipeline execution
to stop by default, but checking the Continue on failure checkbox will allow
pipeline execution to continue. The Execute task options also allow you to define
conditions for which the task will execute; if the conditions are not met, the
specific task will be skipped.
2. Tasks also provide output parameters based on task type. These parameter
values can be used to provide parameters to other tasks in the pipeline, or as
conditions for task execution.
3. Click on Cloud Assembly Blueprints to select it as a Blueprint source and
expose additional configuration options.
Code Stream integrates natively with Cloud Assembly to use blueprints and
deployments defined there inside pipelines. Although this task will create a new
deployment from a versioned blueprint, Code Stream tasks can update existing
deployments as well. For more information on Cloud Assembly blueprints, go to Module
2.
1. Click on +Sequential Task to create a second task in this stage. We want this
task to execute after the first task is complete, hence the creation of another
sequential task.
1. Click on the text box next to Task name and enter rpweb Install.
2. Click on the select box next to Type and select Jenkins from the list, to add
Jenkins task parameters.
1. Note the options for this type of task - they are not the same as the options
available when the first task was defined. Additional options for Jenkins tasks will
be shown once an endpoint and job are defined as well.
2. Note that this task produces different output parameters as well. As with the
Blueprint task, these parameters can be used as parameters or as conditions in
subsequent tasks.
1. Click on the select box next to Endpoint, and select Jenkins (this is the endpoint
definition that we viewed in the previous exercise.)
2. Click on the select box next to Job, and select the Build-RPWeb job
The Build-RPWeb job was created by the Rainpole developers to install the RPWeb
application onto an existing server. This job can be used by Code Stream in
combination with the Cloud Assembly deployment in the previous task, to quickly
deploy a server prepared for the RPWeb application and to install the application itself.
While this specific Jenkins job does not have any parameters defined, if a parameterized
Jenkins job is used, parameters will be added to this task to be defined once the job is
chosen.
The first code pipeline for the RPWeb application is complete. While this specific
example is basic, Code Stream is able to tie together multiple development tools like
Jenkins, Git, Artifactory, and more, along with Cloud Assembly, vRealize Orchestrator,
and several types of Kubernetes endpoints for modern workloads. With the ability to
integrate many solutions together into multi-stage, conditional pipelines, Code Stream
allows developers and operations teams to work together to streamline the code release
process.
This initial pipeline will allow Rainpole's operations team and developers to begin to
work together on deploying updates to the RPWeb application. With this initial
integration in place, the Rainpole teams will be able to expand on this pipeline going
forward as they modernize the RPWeb application.
With this initial pipeline complete, we will prepare the pipeline and execute it in a later
exercise.
Before executing the pipeline, we will verify that the application is not running in this
environment.
The RPWeb application is not currently running in this environment, so the connection
request will eventually time out. Once the pipeline execution is complete, we will return
to this tab.
Additional execution-specific data can be provided before the pipeline execution begins.
With the pipeline execution underway, we will view the execution in progress.
The existing execution may be queued or it might already be in progress. The tab
provides high-level information, but we can click on the execution itself to see more
detail.
2. Click the execution name Rainpole RPWeb#1 to view the execution in detail.
Viewing the execution details shows the current progress of the execution, as well as
details on input and output parameters, if used. Details for specific tasks can be viewed
as well.
1. Click either task to view execution details specific to that task (not shown.) As
each task completes, details will update to show status, duration, and populated
parameters from the task.
2. Click the Rainpole RPWeb#1 execution name to view the overall status of the
execution.
When the deployment is complete, the Execution screen will show a status of
COMPLETED and the duration for the entire execution will be specified. Input and
output parameters will also be defined and populated, however we are not using
parameters in this introductory pipeline.
Note the deployed RPWeb application. Both the server hosting the application and the
application itself were provisioned live, using different tools, in a single Code Stream
pipeline. Now that Rainpole's developers and operations teams can combine efforts to
deliver infrastructure and the application seamlessly, this application can be
modernized to deliver the improved employee experience that Rainpole Systems is
looking for.
Now that we have executed a Code Stream pipeline, we can view dashboards of pipeline
execution statistics. Code Stream will automatically create a dashboard for each
pipeline once it has been executed at least one time, and customized dashboards can
be created as well.
1. Note the status boxes for the most recent execution, and executions over time
(last 14 days by default.)
2. Note the statistics for the executions, including Mean Time To Deliver (MTTD,)
Mean Time To Failure (MTTF,) Mean Time Between Deliveries (MTBD,) and Mean
Time To Recover (MTTR.) Each of these statistics will begin to populate with
additional executions.
3. Scroll down to view additional details on execution stages, tasks, and trends.
Conclusion
In this module, we introduced you to Code Steam through the following topics:
Although this lab was only a starting example, hopefully you have been able to
understand the use case of immutable infrastructure by combining Cloud Assembly and
Code Stream.
You can select one of the links below to jump to the module of your choice.
Or, if you would like to end the lab, see the next page.
1. To end your lab click on the END button at the top of your lab console
Conclusion
Thank you for participating in the VMware Hands-on Labs. Be sure to visit
http://hol.vmware.com/ to continue your lab experience online.
Version: 20200422-005021