
VMware vRealize Automation: Advanced Features and Troubleshooting [V8.x]
Lab Manual

VMware® Education Services


VMware, Inc.
www.vmware.com/education
vRealize Automation 8
Part Number EDU-EN-VRAAFT8-LAB (21-JUN-2022)

Copyright © 2022 VMware, Inc. All rights reserved. This manual and its accompanying
materials are protected by U.S. and international copyright and intellectual property laws.
VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of
VMware, Inc. in the United States and/or other jurisdictions. All other marks and names
mentioned herein may be trademarks of their respective companies. VMware vSphere®
Client™, VMware vSphere®, VMware vRealize® Suite Lifecycle Manager™, VMware vRealize®
Orchestrator™, VMware vRealize® Automation Code Stream™, VMware vRealize®
Automation Cloud™, VMware vRealize® Automation™, VMware vRealize®, VMware vCenter
Server®, VMware Workspace ONE® Access™, VMware View®, VMware Horizon® View™,
VMware Verify™, VMware Cloud™ on AWS GovCloud (US), VMware Cloud™ on AWS
Outposts, VMware Service Broker™, VMware Photon™, VMware NSX-T™ Data Center,
VMware NSX-T™, VMware NSX® Manager™, VMware NSX®, VMware Go™, VMware ESXi™,
VMware Code Stream™, VMware Cloud Assembly™ and VMware ACE™ are registered
trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All
other marks and names mentioned herein may be trademarks of their respective companies.

The training material is provided “as is,” and all express or implied conditions, representations,
and warranties, including any implied warranty of merchantability, fitness for a particular
purpose or noninfringement, are disclaimed, even if VMware, Inc., has been advised of the
possibility of such claims. This material is designed to be used for reference purposes in
conjunction with a training course.

The training material is not a standalone training tool. Use of the training material for self-
study without class attendance is not recommended. These materials and the computer
programs to which it relates are the property of, and embody trade secrets and confidential
information proprietary to, VMware, Inc., and may not be reproduced, copied, disclosed,
transferred, adapted or modified without the express written approval of VMware, Inc.

Typographical Conventions

The following typographical conventions are used in this course.

Conventions: Usage and Examples

Monospace: Identifies command names, command options, parameters, code fragments, error messages, filenames, folder names, directory names, and path names:

• Run the esxtop command.

• ... found in the /var/log/messages file.

Monospace Bold: Identifies user inputs:

• Enter ipconfig /release.

Boldface: Identifies user interface controls:

• Click the Configuration tab.

Italic: Identifies book titles:

• vSphere Virtual Machine Administration

<>: Indicates placeholder variables:

• <ESXi_host_name>

• ... the Settings/<Your_Name>.txt file

Contents

Lab 1 Creating and Deploying a MySQL Server.................................................................. 1


Task 1: Upload and Review a MySQL Server Blueprint ...................................................................................... 2
Task 2: Deploy and Delete the MySQL Server...................................................................................................... 8
Lab 2 Using YAML to Create a Configuration File ............................................................ 9
Task 1: Upload a YAML Blueprint That Creates a Netplan Configuration File .......................................... 10
Task 2: Deploy and Delete the Blueprint Deployment ...................................................................................... 15
Lab 3 Troubleshooting an Advanced Blueprint ............................................................... 17
Task 1: Import a Broken YAML Blueprint and Correct Problems .................................................................. 18
Task 2: Deploy, Test, and Delete the Deployment ........................................................................................... 20
Lab 4 Adding Users and cloudConfig Commands ......................................................... 22
Task 1: Upload a YAML Blueprint That Builds a MySQL Server with Users and a Static IP Address ............ 23
Task 2: Deploy Your Blueprint................................................................................................................................... 24
Task 3: Examine the Blueprint of the MySQL Server with Users and Static IP ...................................... 25
Task 4: Examine Your Static IP Input Variables for the MySQL Server .................................................... 26
Task 5: Examine the Software Packages...............................................................................................................27
Task 6: Verify the MySQL User Configuration .....................................................................................................27
Task 7: Examine Your Network Configuration for the MySQL Server ...................................................... 28
Task 8: Verify the MySQL User and Database Configuration ....................................................................... 30
Task 9: Examine the Complete YAML for the MySQL Back-End Virtual Machine ................................ 32
Task 10: Test and Delete the MySQL Server ...................................................................................................... 38
Lab 5 Creating and Deploying a Front-End Server ....................................................... 39
Task 1: Upload a YAML Blueprint That Builds a Front-End Server .............................................................. 40

Task 2: Deploy Your Blueprint.................................................................................................................................... 41
Task 3: Examine the Blueprint with the Front-End Server Added .............................................................. 42
Task 4: Verify Your Static IP Input Variables for the Front-End Server.................................................... 43
Task 5: Examine the Software Packages.............................................................................................................. 44
Task 6: Examine the MySQL User Configuration ............................................................................................... 45
Task 7: Examine Your Network Configuration for the Front-End Server................................................. 46
Task 8: Examine the MySQL User Configuration ............................................................................................... 48
Task 9: Examine the Complete YAML for the Front-End Virtual Machine ............................................... 50
Task 10: Test and Delete the Two Servers .......................................................................................................... 54
Lab 6 Installing phpMyAdmin ................................................................................................ 56
Task 1: Upload a YAML Blueprint That Deploys a Front-End Server With phpMyAdmin Installed ............ 57
Task 2: Deploy Your Blueprint................................................................................................................................... 58
Task 3: Examine the Installation Code for the phpMyAdmin Server .......................................................... 59
Task 4: Test and Delete the Deployment ............................................................................................................. 69
Lab 7 Configuring phpMyAdmin to Connect to the MySQL Server........................ 72
Task 1: Upload the YAML Blueprint ..........................................................................................................................73
Task 2: Deploy Your Blueprint................................................................................................................................... 74
Task 3: Examine the YAML Code That Connects the Front-End phpMyAdmin Server to the Back-End MySQL Server ............ 75
Task 4: Test and Delete the Two Servers............................................................................................................ 78
Task 5: Redeploy Your Blueprint with Nondefault Variables .......................................................................... 81
Lab 8 Creating a Blueprint Using the NSX-T Data Center Components................ 83
Task 1: Create Network Profiles ............................................................................................................................... 84
Task 2: Create the Multitier Blueprint: Define Virtual Machines..................................................................... 88
Task 3: Create the Multitier Blueprint: Define Networks ................................................................................. 90
Task 4: Create the Multitier Blueprint: Define Security Groups ..................................................................... 91
Task 5: Create the Multitier Blueprint: Define the Load Balancer ................................................................ 93
Task 6: Connect Network Components to Virtual Machines......................................................................... 94
Lab 9 Deploying the Blueprint and Validating the NSX-T Data Center Objects . 97
Task 1: Deploy the 3-Tier Blueprint.......................................................................................................................... 98
Task 2: Review the Deployed NSX-T Data Center Objects .......................................................................... 99
Task 3: Validate the Application and Load Balancer ........................................................................................ 101
Task 4: Validate the Security Rules ....................................................................................................................... 103
Task 5: Save the Lab Resources ............................................................................................................................ 104

Lab 10 Using vRealize Orchestrator to Create a DNS Entry When vRealize Automation Deploys a System ............ 105
Task 1: Prepare Your PowerShell Host ................................................................................................................ 106
Task 2: Connect Your PowerShell Endpoint in vRealize Orchestrator .................................................... 108
Task 3: Import and Modify a YAML Blueprint That Creates an Ubuntu VM with a Static IP Address ............ 110
Task 4: Import a vRealize Orchestrator Package .............................................................................................. 112
Task 5: Wait for the Data Collection ....................................................................................................................... 115
Task 6: Create a Subscription ....................................................................................................................................116
Task 7: Deploy Your Ubuntu System ..................................................................................................................... 118
Lab 11 Using vRealize Orchestrator to Delete a DNS Entry When vRealize Automation Deploys a System ............ 121
Task 1: Import and Modify a vRealize Orchestrator Workflow .................................................................... 122
Task 2: Wait for the Data Collection ...................................................................................................................... 125
Task 3: Create a Subscription ...................................................................................................................................126
Task 4: Delete the Ubuntu System.........................................................................................................................128
Lab 12 Creating a Custom Resource to Manage Active Directory Users ............ 130
Task 1: Connect Your Active Directory Server in vRealize Orchestrator ................................................. 131
Task 2: Connect Your vCenter Server System in vRealize Orchestrator ...............................................134
Task 3: Create a Custom Resource .......................................................................................................................136
Task 4: Import and Modify a YAML Blueprint That Creates an Ubuntu VM with a User Account 140
Task 5: Deploy the Ubuntu System and Test the Custom Resource........................................................145
Task 6: Test the Add a User to a User Group Additional Action................................................................148
Task 7: Test the Additional Actions ...................................................................................................................... 150
Task 8: Delete the Ubuntu System and the Active Directory User ............................................................ 151
Lab 13 Creating a Resource Action to Move a Virtual Machine to a Folder ........ 152
Task 1: Deploy a Virtual Machine to Test Your Resource Action................................................................ 153
Task 2: (Optional) Add a vCenter Server Instance to vRealize Orchestrator........................................ 155
Task 3: Create Your Binding Action ....................................................................................................................... 157
Task 4: Test Your Binding Action .......................................................................................................................... 160
Task 5: Create a vRealize Automation Resource Action ...............................................................................162
Task 6: Test Your Resource Action .......................................................................................................................164
Lab 14 Creating a Content Source from vRealize Orchestrator.............................. 166
Task 1: Create a Content Source from a vRealize Orchestrator Workflow............................................ 167

Task 2: Share the New Content ..............................................................................................................................168
Task 3: Run the New Catalog Item .........................................................................................................................169
Task 4: Verify the Deployment ................................................................................................................................170
Lab 15 Creating an ABX Action to Rename a Virtual Machine .................................. 171
Task 1: Create an Action Script ................................................................................................................................ 172
Task 2: Create a Subscription ................................................................................................................................... 175
Task 3: Upload a Blueprint ......................................................................................................................................... 177
Task 4: Test Your Action by Deploying the Blueprint .................................................................................... 178
Task 5: Delete the Deployment to Save the Lab Resources ........................................................................ 181
Task 6: Disable the Rename VM on Deployment Subscription ..................................................................... 181
Lab 16 Creating an ABX Action to Tag a Virtual Machine..........................................182
Task 1: Create an Action Script ................................................................................................................................183
Task 2: Create a Subscription ...................................................................................................................................186
Task 3: Upload and Modify a Blueprint ..................................................................................................................188
Task 4: Test Your Action by Deploying the Blueprint ................................................................................... 190
Task 5: Delete the Deployment to Save the Lab Resources ....................................................................... 192
Lab 17 Creating an ABX Action to Dump the Payload................................................193
Task 1: Create an Action Script ................................................................................................................................194
Task 2: Create a Subscription ...................................................................................................................................196
Task 3: Test Your Action By Deploying the Blueprint ....................................................................................198
Task 4: Delete the Deployment to Save the Lab Resources .......................................................................199
Lab 18 Combining ABX Actions to an ABX Flow........................................................ 200
Task 1: Create an Action Flow ................................................................................................................................. 201
Task 2: Add a Conditional Statement to Your Action Flow ....................................................................... 205
Task 3: Modify the First Action Script to Output Custom Properties..................................................... 208
Task 4: Create a Subscription................................................................................................................................. 209
Task 5: Modify an Existing Blueprint ........................................................................................................................ 211
Task 6: Test Your Action by Deploying the Blueprint..................................................................................... 213
Task 7: Verify Your Deployments and Actions.................................................................................................. 215
Task 8: Delete the Deployment to Save the Lab Resources ....................................................................... 218
Lab 19 Troubleshooting an ABX Flow ............................................................................. 219
Task 1: Import Several Actions ............................................................................................................................... 220
Task 2: Create a Subscription ................................................................................................................................... 221

Task 3: Test Your Action by Deploying the Blueprint .................................................................................... 223
Task 4: Troubleshoot the Problems in Your Actions......................................................................................224
Task 5: Correct the Code in Bad-Rename-vSphere-VM ...............................................................................226
Task 6: Test Your Corrected Action by Deploying the Blueprint .............................................................. 228
Task 7: Verify Your Deployments and Actions.................................................................................................229
Task 8: Delete the Deployments to Save the Lab Resources ..................................................................... 231
Lab 20 Build a Deployment in Kubernetes ..................................................................... 232
Task 1: Build a Simple Container .............................................................................................................................. 233
Task 2: Expose the Container to the Cluster IP ...............................................................................................234
Task 3: Create a Single Deployment..................................................................................................................... 235
Task 4: Deploy the Pod and Service .................................................................................................................... 237
Lab 21 Deploying a Load Balanced Deployment in Kubernetes .............................238
Task 1: Create a Replica Set of Multiple Pods ...................................................................................................239
Task 2: Deploy and Verify the Replica Set ..........................................................................................................241
Lab 22 Using vRealize Automation Code Stream to Deploy a Basic Container ............ 242
Task 1: Create a Kubernetes Namespace ...........................................................................................................243
Task 2: Set Up the Pipeline...................................................................................................................................... 244
Task 3: Set Up Parameters for the Pod ..............................................................................................................246
Task 4: Set Up Parameters for the Network Service ....................................................................................248
Task 5: Deploy the Container ................................................................................................................................. 250
Task 6: Verify Your Container Creation................................................................................................................ 251
Lab 23 Using vRealize Automation Code Stream to Build a Replica Set Container with a Load Balancer ............ 252
Task 1: Create a Kubernetes Namespace ........................................................................................................... 253
Task 2: Set Up the Pipeline.......................................................................................................................................254
Task 3: Set up Parameters for the Pod ............................................................................................................... 255
Task 4: Configure the Build Namespace Task ................................................................................................... 257
Task 5: Configure the Build Namespace Local YAML File ........................................................................... 258
Task 6: Build the Build Replica Set Stage ............................................................................................................259
Task 7: Build the Build Replica Set Task ............................................................................................................. 260
Task 8: Build the Build Services Stage .................................................................................................................262
Task 9: Configure the Expose 80 Task ...............................................................................................................263
Task 10: Create the Update Load Balancer Task.............................................................................................264
Task 11: Verify Your Pipeline.....................................................................................................................................266

Task 12: Deploy the Container ................................................................................................................................270
Task 13: Verify Your Container Creation with One Pod ................................................................................. 271
Task 14: Deploy the Container with Two Pods.................................................................................................. 271
Task 15: Verify Your Container Creation With Two Pods ............................................................................ 272
Lab 24 Calling Cloud Assembly and vRealize Orchestrator from vRealize Automation Code Stream ............ 273
Task 1: (Optional) Prepare Your PowerShell Host ...........................................................................................274
Task 2: (Optional) Connect Your PowerShell Endpoint in vRealize Orchestrator ............................... 276
Task 3: Import a vRealize Orchestrator Package ............................................................................................ 278
Task 4: Tag Your vRealize Orchestrator Workflow ...................................................................................... 280
Task 5: (Optional) Upload a YAML Blueprint That Deploys an Ubuntu Server with a Static IP Address ............ 281
Task 6: Release Your Blueprint ...............................................................................................................................282
Task 7: Add a vRealize Orchestrator Endpoint to vRealize Automation Code Stream .................... 283
Task 8: Set Up the Pipeline.......................................................................................................................................284
Task 9: Configure Inputs for the Pipeline ............................................................................................................285
Task 10: Configure the Deploy VM Task ............................................................................................................. 287
Task 11: Configure the Add IP TO DNS Task .....................................................................................................289
Task 12: Run the Pipeline ............................................................................................................................................291
Task 13: Rerun the Pipeline .......................................................................................................................................294
Lab 25 Configuring the GitLab Repository .................................................................... 296
Task 1: Configure GitLab ............................................................................................................................................ 297
Task 2: Configure the GitLab Repository............................................................................................................299
Lab 26 Integrating GitLab with vRealize Automation ................................................. 301
Task 1: Create GitLab Integration .......................................................................................................................... 302
Task 2: Modify the Blueprints in GitLab............................................................................................................... 304
Lab 27 Configuring and Using Ansible............................................................................. 305
Task 1: Configure Ansible ......................................................................................................................................... 306
Task 2: Create a Playbook ....................................................................................................................................... 310
Task 3: Install Software with Ansible ..................................................................................................................... 313
Task 4: Verify That Apache Is Installed Successfully ....................................................................................... 315
Task 5: Delete the Virtual Machine to Save the Lab Resources ................................................................. 316
Lab 28 Deploying Apache Using Ansible and vRealize Automation ...................... 317
Task 1: Connect to the Ansible Server ..................................................................................................................318

Task 2: Create an Ansible Blueprint ..................................................................................................................... 320
Task 3: Test the Ansible Configuration by Deploying the Blueprint ......................................................... 323
    Task 4: Delete the Deployment to Save the Lab Resources
Lab 29 Deploying an Ansible Role
    Task 1: Install and View the Ansible Role
    Task 2: Create an Ansible Blueprint
    Task 3: Test the Ansible Role by Deploying the Blueprint
    Task 4: Delete the Deployment to Save the Lab Resources
Lab 30 Troubleshooting Ansible and vRealize Automation
    Task 1: Import a Broken Ansible Blueprint and Correct Problems
    Task 2: Deploy Your Ansible Blueprint and Correct Problems
    Task 3: Redeploy Your Ansible Blueprint and Correct Problems
    Task 4: Test Your Final Corrected Ansible Blueprint
Lab 31 Deploying vRealize Suite Lifecycle Manager
    Task 1: Deploy vRealize Suite Lifecycle Manager
Lab 32 Configuring the NSX-T Data Center Load Balancer
    Task 1: Create Load Balancers
    Task 2: Configure Application Profiles
    Task 3: Configure the Persistence Profile
    Task 4: Configure Health Monitors
    Task 5: Configure Server Pools
    Task 6: Configure Virtual Servers
Lab 33 Configuring SSL Certificates Using Microsoft CA
    Task 1: Generate Certificate Signing Requests
    Task 2: Separate the Private Key from the Certificate Signing Request
    Task 3: Sign the SSL Certificates Using Microsoft CA
    Task 4: Prepare the PEM Encoded Certificates
    Task 5: Import the Certificates to vRealize Suite Lifecycle Manager
Lab 34 Deploying the VMware Identity Manager Cluster
    Task 1: Reduce The Resource Load On the Management Cluster
    Task 2: Deploy the VMware Identity Manager Cluster
    Task 3: Validate the Deployment
Lab 35 Deploying the vRealize Automation Cluster
    Task 1: Deploy the vRealize Automation Cluster
Lab 36 Configuring Connector High Availability
    Task 1: Join Appliances to Domain
    Task 2: Create a Directory
    Task 3: Enable Connector High Availability
Lab 37 Failing Over the VMware Identity Manager Node
    Task 1: Review the VMware Identity Manager Cluster Health
    Task 2: Shut Down the Primary Node and Monitor the Cluster
    Task 3: Power On the Node and Monitor the Cluster
Lab 38 Reviewing the vRealize Automation Cluster
    Task 1: View the Cluster Status
    Task 2: View the Kubernetes Core Services
    Task 3: View the vRealize Automation Services and Pods
Lab 39 Failing Over the vRealize Automation Node
    Task 1: Shut Down the Primary Node and Monitor the Cluster
Lab 40 Troubleshooting Scenario: Correct a Blueprint from a YAML File
    Task 1: Import a Blueprint
    Task 2: Overview of Troubleshooting Techniques
    Task 3: Resolution
Answer Key

Lab 1 Creating and Deploying a MySQL Server

Objective and Tasks


Create and test the YAML code and deploy the blueprint to test the YAML:

1. Upload and Review a MySQL Server Blueprint

2. Deploy and Delete the MySQL Server

Task 1: Upload and Review a MySQL Server Blueprint
You upload a blueprint that creates a MySQL server. This server is the back-end database for the
two-tier application. You examine the YAML code to ensure that you understand how it works.

1. If you do not have a browser tab open and are logged in to the vSphere Client, open a tab
and log in.

a. Start Chrome.

If Chrome is already running, but a tab logged in to the vSphere Client is not open, open
a new tab.

b. Click the Infrastructure > vSphere Client bookmark in Chrome.

c. Log in with the administrator@vsphere.local user account and the VMware1! password.

2. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.

IMPORTANT

Verify that you log in to the vRA-Standard system.

a. Open Chrome.

If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

If the Your connection is not private warning appears, click Advanced and click Proceed to sa-vra-01.vclass.local (unsafe).

c. Click GO TO LOGIN PAGE.

If the Your connection is not private warning appears, click Advanced and click Proceed to sa-vra-01.vclass.local (unsafe).

d. Verify that the vclass.local domain is selected and click Next.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

3. Navigate to Design > Blueprints.

4. Upload a blueprint.

Option                                Action
Name                                  Enter MySQL-Server in the text box.
Description                           Enter A virtual appliance with a front end, web server, and database server in the text box.
Project                               Select VMW-ENG.
Blueprint sharing in Service Broker   Select Share only with this project.
Upload file:                          C:\Materials\Blueprints\Answers\MySQL-Server-Only.yaml

5. Click the MySQL-Server blueprint to open it.

6. Verify that a single machine and a single network exist in the design canvas.

Only one cloud agnostic machine is connected to a single cloud network.

7. View the network configuration.

Setting        Action
networkType:   existing (VMW-Production)
constraints:   - tag: with the value 'net:production'

The network is an existing network. It is described in the VMW-Production network profile in Infrastructure > Network Profiles.

The constraint net:production tag is applied. Only a network profile with the net:production tag can be used.

8. View the Cloud.Machine configuration.

The Cloud.Machine resource has the following YAML code.

    mysql:
      type: Cloud.Machine
      properties:
        image: VMW-Ubuntu-Cloud
        flavor: VMW-Large
        networks:
          - network: '${resource.Cloud_Network_1.id}'

In the YAML code for the Cloud.Machine resource:

• The name of the machine has changed to mysql. This name is also assigned to the resource in the Design Canvas.

• The predefined image is the VMW-Ubuntu-Cloud image, which is defined in Infrastructure > Image Mappings. It connects to the Ubuntu-Cloud-Template on the SA-vCSA-01 vCenter Server system.

• The predefined flavor is the VMW-Large flavor, which is defined in Infrastructure > Flavor Mappings. It specifies 2 vCPUs and 2 GB of memory.

• The mysql Cloud.Machine is connected to the Cloud_Network_1 resource network.

9. View the inputs for the hostname1, hostname2, user, and pass variables.

The input variables have the following YAML code.

    inputs:
      hostname1:
        type: string
        title: mysql hostname
        default: mysql
        description: Name of the mysql server. This name will be used to set the internal hostname and is part of the FQDN for DNS.
      hostname2:
        type: string
        title: frontend hostname
        default: frontend
        description: Name of the front end server. This name will be used to set the internal hostname and is part of the FQDN for DNS.
      user:
        type: string
        title: User name for the mySQL administrator account
        default: superadmin
        description: This user name will have administrator privileges in the MySQL database and can be used to log into the front end server.
      pass:
        type: string
        title: Password for the mySQL administrator account.
        encrypted: true
        default: VMware1!
        description: Password for the MySQL administrator account.

The hostname1 input is the internal host name of the MySQL server. The default is mysql. The hostname2 input is used for the front-end server as this blueprint gets more complex.

The user input is the user name that is created in this server. The user is also the MySQL administrator. By default, the user name is superadmin.

The pass input is the password for the user that is created. The same password works for the MySQL user account. The password is an encrypted value with the default value VMware1!.

Several cloudConfig directives to install software packages are available.

The server uses the following default software packages:

• mysql-server-5.7
• mysql-client
• unzip
• git

NOTE

The cloudConfig section in the blueprint requires that the cloud-init software is installed in the Ubuntu-Cloud-Template on the vCenter Server system.

10. View the complete YAML code for the blueprint.

    formatVersion: 1
    inputs:
      hostname1:
        type: string
        title: mysql hostname
        default: mysql
        description: Name of the mysql server. This name will be used to set the internal hostname and is part of the FQDN for DNS.
      hostname2:
        type: string
        title: frontend hostname
        default: frontend
        description: Name of the front end server. This name will be used to set the internal hostname and is part of the FQDN for DNS.
      user:
        type: string
        title: User name for the mySQL administrator account
        default: superadmin
        description: This user name will have administrator privileges in the MySQL database and can be used to log into the front end server.
      pass:
        type: string
        title: Password for the mySQL administrator account.
        encrypted: true
        default: VMware1!
        description: Password for the MySQL administrator account.
    resources:
      mysql:
        type: Cloud.Machine
        properties:
          image: VMW-Ubuntu-Cloud
          flavor: VMW-Large
          networks:
            - network: '${resource.Cloud_Network_1.id}'
          cloudConfig: |
            packages:
              - mysql-server-5.7
              - mysql-client
              - unzip
              - git
      Cloud_Network_1:
        type: Cloud.Network
        properties:
          networkType: existing
          name: VMW-Production
          constraints:
            - tag: 'net:production'

11. Test your blueprint (click TEST) with all the default values.

If the blueprint test fails, correct any syntax problems.

12. Click CLOSE.

Task 2: Deploy and Delete the MySQL Server
You deploy the MySQL server and then delete your deployment to save lab resources.

1. Navigate to Design > Blueprints.

2. Select the MySQL-Server blueprint.

3. Deploy the MySQL-Server blueprint.

Option              Action
Deployment Type     Select Create a new-deployment (default).
Deployment Name     Enter MySQL-Only in the text box.
Blueprint Version   Select Current Draft.
Inputs              Use all the default values.

4. After your deployment is complete, use the vSphere Client to open a remote console on
your deployed MySQL server.

5. Log in to your deployed virtual machine with the root user account and VMware1! as the
password.

6. Enter the mysql command to verify that the MySQL database is installed.

If you have successfully installed a default MySQL server, the MySQL monitor must start. If
your MySQL monitor does not start, verify your YAML code for errors and redeploy.

7. Close the remote console.

8. Go to the VMware Cloud Services browser tab.

9. Click the Deployments tab.

10. Delete the MySQL-Only deployment.

Lab 2 Using YAML to Create a Configuration File

Objective and Tasks


Use YAML to create a configuration file:

1. Upload a YAML Blueprint That Creates a Netplan Configuration file

2. Deploy and Delete the Blueprint Deployment

In this lab, you use YAML to create a configuration file. You must not set a static IP in YAML from
a hard-coded configuration file. This lab illustrates advanced YAML coding techniques. You do
not set a static IP address in this lab. To set a static IP address in a YAML blueprint with
cloudConfig, use a STATIC directive and prepare your Ubuntu template. For information about
deploying a Linux machine with a static IP address, see Using and Managing vRealize Automation
Cloud Assembly at https://docs.vmware.com/en/vRealize-Automation/8.0/Using-and-Managing-Cloud-Assembly/GUID-B9291A02-985E-4BD3-A11E-BDC839049072.html.

Task 1: Upload a YAML Blueprint That Creates a Netplan Configuration File
Upload and examine a YAML blueprint that creates a configuration file to set the static IP address
in the Ubuntu system.

1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.

IMPORTANT

Verify that you log in to the vRA-Standard system, not the vRA-Clustered system.

a. Open Chrome.

If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and VMware1! as the password.

f. Click Cloud Assembly.

2. Navigate to Design > Blueprints.

3. Upload a blueprint.

Option                                Action
Name                                  Enter Ubuntu_Static_IP in the text box.
Description                           Enter An Ubuntu server with a static IP address in the text box.
Project                               Select VMW-ENG in the text box.
Blueprint sharing in Service Broker   Select Share only with this project.
Upload file                           Browse to C:\Materials\Blueprints\Answers\Ubuntu_Static_IP.yaml.

4. Open the Ubuntu_Static_IP blueprint to examine it.

5. Examine the inputs for the hostname1 and ipaddress variables.

6. Set the parameters for the hostname1 input variable.

Setting        Action
type:          Enter string in the text box.
title:         Enter hostname in the text box.
default:       Enter UbuntuStatic in the text box.
description:   Enter Name of the Ubuntu server. This name will be used to set the internal hostname and is part of the FQDN for DNS. in the text box.

7. Set the parameters for the ipaddress input variable.

Setting        Action
type:          Enter string in the text box.
title:         Enter Enter your IP address range 172.20.11.180-199. in the text box.
pattern:       Enter '172.20.11.[1][8-9][0-9]' in the text box.
description:   Enter This will be the IP address. The IP address should be between 172.20.11.180 and 172.20.11.199 in the text box.

The pattern allows IP addresses between 172.20.11.180 and 172.20.11.199.

'172.20.11. forces the first three octets of the IP address to be 172.20.11.

[1] is the first part of the fourth octet. The entry must be 1.

[8-9] forces the next part of the number (the second part of the field) to be any number between 8 and 9 inclusive.

[0-9]' is the last part of the pattern. It is the third field in the fourth octet of the IP address. The entry must be any number between 0 and 9.

8. View the runcmd commands.

a. Create a directory for the configuration files.

    - mkdir -p /root/myconfig

b. Set the host name to the value that is provided as input.

    - hostnamectl set-hostname ${input.hostname1}

c. Make a backup copy of the current Netplan file.

    - cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.sav

d. Change the file permissions on the Netplan file so that the cloudConfig script can overwrite it.

    - chmod 777 /etc/netplan/50-cloud-init.yaml

e. Create an empty Netplan file in your /root/myconfig directory.

    - touch /root/myconfig/50-cloud-init.yaml

9. Use the blueprint and create a /root/myconfig/50-cloud-init.yaml text file that appears similar to the following code.

    network:
      version: 2
      ethernets:
        ens160:
          dhcp4: false
          addresses: [172.20.11.185/24]
          gateway4: 172.20.11.10
          nameservers:
            addresses: [172.20.11.10]

The example code uses the standard YAML formatting. The version and ethernets directives have two spaces before and align with t in network:. The ens160 directive aligns with h in ethernets. The dhcp4, addresses, gateway4, and nameservers directives align with s in ens160. The a in the final addresses directive aligns with m in nameservers. The 172.20.11.185/24 address is used as an example. Your YAML code must use the ${input.ipaddress} variable so that the actual IP address that is generated always matches the user's request.

The address that you pass must be xxx.xxx.xx.xxx/24. Your YAML code must append the /24 to the IP address. For example, you can use the code - echo "      addresses:"" [${input.ipaddress}/24]" >> /root/myconfig/50-cloud-init.yaml to append /24 to the IP address that the user enters.

10. Create the static file.

The YAML code looks like the following code.

    - mkdir -p /root/myconfig
    - hostnamectl set-hostname ${input.hostname1}
    - cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.sav
    - chmod 777 /etc/netplan/50-cloud-init.yaml
    - touch /root/myconfig/50-cloud-init.yaml
    # The leading spaces inside each quoted string produce the indentation described in step 9.
    - echo "network:"" " >> /root/myconfig/50-cloud-init.yaml
    - echo "  version:"" 2" >> /root/myconfig/50-cloud-init.yaml
    - echo "  ethernets:"" " >> /root/myconfig/50-cloud-init.yaml
    - echo "    ens160:"" " >> /root/myconfig/50-cloud-init.yaml
    - echo "      dhcp4:"" false " >> /root/myconfig/50-cloud-init.yaml
    - echo "      addresses:"" [${input.ipaddress}/24]" >> /root/myconfig/50-cloud-init.yaml
    - echo "      gateway4:"" 172.20.11.10" >> /root/myconfig/50-cloud-init.yaml
    - echo "      nameservers:"" ">> /root/myconfig/50-cloud-init.yaml
    - echo "        addresses:"" [172.20.11.10]" >> /root/myconfig/50-cloud-init.yaml

The screenshot highlights the YAML code that sets the IP address using the input variable.

11. Copy the temporary file, set permissions, and apply the file in YAML.

a. Copy your temporary file in /root/myconfig to overwrite the standard /etc/netplan configuration file.

    - cp /root/myconfig/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml

b. Change the file permissions back to their correct settings.

    - chmod 644 /etc/netplan/50-cloud-init.yaml

c. Apply the new static IP address.

    - netplan apply

12. View the final part of the YAML code that configures the network file.

    - cp /root/myconfig/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml
    - chmod 644 /etc/netplan/50-cloud-init.yaml
    - netplan apply

13. View and understand the YAML blueprint for the cloud machine.

14. Test the blueprint.

Setting     Action
hostname    Enter static85 in the text box.
ipaddress   Enter 172.20.11.185 in the text box.

15. Click CLOSE.
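
Added example (shell, not part of the lab blueprint): it tests the step 7 pattern against sample values, where an unescaped . in a regular expression matches any character, and then writes the netplan content from steps 9 to 11 in one pass with restrictive permissions instead of the temporary chmod 777. Whole-string matching, the escaped pattern, the function names, and the temporary directory that stands in for /etc/netplan are assumptions of the example.

```shell
#!/bin/sh
# Added example: validate the ipaddress input, then stage and install the
# netplan file. Paths under mktemp are constructed for the demonstration.

# Pattern exactly as entered in step 7, and a variant with the dots escaped.
PAGE_PATTERN='172.20.11.[1][8-9][0-9]'
STRICT_PATTERN='172\.20\.11\.1[89][0-9]'

# matches PATTERN VALUE: succeed only when the whole value matches.
matches() {
    case $2 in
        *'
'*) return 1 ;;    # grep works line by line, so refuse embedded newlines
    esac
    printf '%s\n' "$2" | grep -Eqx -- "$1"
}

# count_last_octets PATTERN: how many of 172.20.11.0-255 the pattern accepts.
count_last_octets() {
    n=0; i=0
    while [ "$i" -le 255 ]; do
        if matches "$1" "172.20.11.$i"; then n=$((n + 1)); fi
        i=$((i + 1))
    done
    echo "$n"
}

# render_netplan IP OUTFILE: write the file from step 9 for a validated IP.
render_netplan() {
    matches "$STRICT_PATTERN" "$1" || { echo "rejected: $1" >&2; return 1; }
    (
        umask 077    # created as 0600, so there is no world-writable window
        cat > "$2" <<EOF
network:
  version: 2
  ethernets:
    ens160:
      dhcp4: false
      addresses: [$1/24]
      gateway4: 172.20.11.10
      nameservers:
        addresses: [172.20.11.10]
EOF
    )
}

# install_netplan STAGED TARGET: keep a .sav backup, then replace TARGET
# with mode 644, the mode the lab sets in step 11.
install_netplan() {
    if [ -f "$2" ]; then cp -p "$2" "$2.sav" || return 1; fi
    cp "$1" "$2.new" && chmod 644 "$2.new" && mv "$2.new" "$2"
}

# file_mode FILE: permission string such as -rw-r--r--
file_mode() { ls -ld "$1" | cut -c1-10; }

demo() {
    work=$(mktemp -d) || return 1
    # Stand-in for /etc/netplan so the demo needs no root privileges.
    mkdir "$work/netplan"
    echo "# placeholder" > "$work/netplan/50-cloud-init.yaml"
    for v in 172.20.11.186 172.20.11.200 172x20y11z186; do
        if matches "$PAGE_PATTERN" "$v"; then p=accept; else p=reject; fi
        if matches "$STRICT_PATTERN" "$v"; then s=accept; else s=reject; fi
        echo "$v  page=$p  strict=$s"
    done
    if render_netplan 172.20.11.186 "$work/staged.yaml"; then
        install_netplan "$work/staged.yaml" "$work/netplan/50-cloud-init.yaml"
        echo "installed with mode $(file_mode "$work/netplan/50-cloud-init.yaml")"
    fi
    rm -rf "$work"
}
demo
```

On a deployed machine the target would be /etc/netplan/50-cloud-init.yaml, followed by netplan apply as in step 11.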

Task 2: Deploy and Delete the Blueprint Deployment
You deploy the blueprint to test the blueprint and then delete your deployment to save the lab
resources.

1. Navigate to Design > Blueprints.

2. Select the Ubuntu_Static_IP blueprint.

3. Deploy the Ubuntu_Static_IP blueprint.

Option              Action
Deployment Type     Select Create a new-deployment (default).
Deployment Name     Enter static-test in the text box.
Blueprint Version   Select Current Draft.
Inputs              Enter static86 for the host name and 172.20.11.186 for the IP address.

4. After your deployment is complete, use the vSphere Client to open a remote console on
your deployed front-end server.

5. Log in to your deployed virtual machine with the root user account and VMware1! as the password.

6. Enter the ip a command to verify that the IP address is 172.20.11.186.

7. Use the nano editor on the deployed virtual machine to examine the
/root/myconfig/50-cloud-init.yaml configuration file that you created.
8. Enter the hostname command to verify that your host name is static86.

9. Close your remote console.

10. Return to the VMware Cloud Services browser tab.

11. Click the Deployments tab.

12. Delete the static-test deployment.

Lab 3 Troubleshooting an Advanced Blueprint

Objective and Tasks


Import and deploy a broken YAML blueprint and correct problems:

1. Import a Broken YAML Blueprint and Correct Problems

2. Deploy, Test, and Delete the Deployment

Task 1: Import a Broken YAML Blueprint and Correct Problems
You import a blueprint that has problems in the YAML code and fix the problems.

1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.

IMPORTANT

Verify that you log in to the vRA-Standard system.

a. Open Chrome.

If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

2. Navigate to Design > Blueprints.

3. Click Upload to upload the blueprint.

Option                                Action
Name                                  Enter Multi-Disk in the text box.
Description                           Enter An Ubuntu server with a static IP and multiple disks in the text box.
Project                               Select VMW-ENG.
Blueprint sharing in Service Broker   Select Share only with this project.
Upload file                           Go to C:\Materials\Blueprints\ and click Broken_Multiple_Disks.yaml.

4. Open the Multi-Disk blueprint and correct any obvious syntax errors.

This blueprint has five errors in it. Some errors are obvious.

a. Find the red error icons.

A red error icon appears to the left of the blueprint, indicating syntax errors.

b. Find alignment and spacing errors.

c. Verify that variables that are created are properly used and referenced.

d. Check the output file that is created on the deployed system for quotation-related string problems.

These problems include missing beginning quotations, missing end quotations, quotations inside quotations, and so on.

e. Verify that the correct escape characters are used for special characters.

f. Storage tags do not match the available storage profiles capability tags. Storage tags in the blueprint are currently set to use either Silver or Gold depending on the number of disks:

    - tag: '${input.NumDisks != 1 ? "Silver" : "Gold"}'

Correct this code to match the correct capability tags for silver and gold storage in your system.

5. Test your blueprint with all the default values after you have corrected the obvious syntax errors.

If your blueprint fails the test, correct the syntax problems.

6. Save a version of the blueprint.

Option        Action
Version       Enter Debug-1 in the text box.
Description   Enter Obvious syntax errors corrected in the text box.
Release       Do not select Release this version to the catalog.

7. Click CLOSE.

Task 2: Deploy, Test, and Delete the Deployment
You deploy the blueprint to test it and then delete your deployment to save lab resources.

1. Navigate to Design > Blueprints.

2. Select the Multi-Disk blueprint.

3. Deploy and test the Multi-Disk blueprint.

Option              Action
Deployment Type     Select Create a new-deployment (default).
Deployment Name     Enter Debug-1 in the text box.
Blueprint Version   Select Debug-1.
Inputs              Enter ubuntu1 for the host name, enter 172.20.11.182 for the IP address, enter 3 for the number of data disks.

4. After your deployment is complete, use the vSphere Client to open a remote console on
your deployed Ubuntu server.

5. Log in to your deployed virtual machine with the root user account and VMware1! as the password.

6. Enter the ip a command to verify that the IP address is 172.20.11.182.

7. If the IP address is not correct, redeploy your blueprint.

a. Verify that all the output files in the deployed system that the YAML code creates are
correct.

b. Close your remote console.

c. Delete your current deployment.

d. Correct any syntax errors in the blueprint.

e. Retest your blueprint.

f. Redeploy your blueprint.

8. Enter the df -h command to verify that you have three data disks (/dev/sdb, /dev/sdc, and /dev/sdd) that are formatted.

9. If the deployment succeeds, close your remote console and continue the rest of the lab.

10. Return to the VMware Cloud Services browser tab.

11. Click the Deployments tab.

12. Delete the Debug-1 deployment.

Q1. What is the first problem in the YAML code?

A1. The Setting Hostname string is missing a closing quotation.

Q2. What is the second problem in the YAML code?

A2. The hostnamectl command does not use the correct host name variable.

Q3. What is the third problem in the YAML code?

A3. A colon was not properly escaped with two following double quotation marks. This code is on the code line 73 where the code is - echo " ens160:"" >> /root/myconfig/50-cloud-init.yaml.

Q4. Do any other problems exist in the YAML code?

A4. The - mkdir /datadisk command is incorrectly indented.

Lab 4 Adding Users and cloudConfig Commands

Objective and Tasks


Examine the YAML code to create a MySQL back-end server and deploy the blueprint to test
the code:

1. Upload a YAML Blueprint That Builds a MySQL Server with Users and a Static IP Address

2. Deploy Your Blueprint

3. Examine the Blueprint of the MySQL Server with Users and Static IP

4. Examine Your Static IP Input Variables for the MySQL Server

5. Examine the Software Packages

6. Verify the MySQL User Configuration

7. Examine Your Network Configuration for the MySQL Server


8. Verify the MySQL User and Database Configuration

9. Examine the Complete YAML for the MySQL Back-End Virtual Machine

10. Test and Delete the MySQL Server

Task 1: Upload a YAML Blueprint That Builds a MySQL Server with Users and a Static IP Address
Upload a YAML blueprint that builds a MySQL server with users and a static IP address.

1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.

IMPORTANT

Verify that you log in to the vRA-Standard system, not the vRA-Clustered system.

a. Open Chrome.

If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and VMware1! as the password.

f. Click Cloud Assembly.

2. Go to Design > Blueprints.

3. Upload a blueprint.

Option                                Action
Name                                  Enter MySQL Server with Users and Static IP in the text box.
Description                           Enter MySQL server for your back end server in the text box.
Project                               Select VMW-ENG.
Blueprint sharing in Service Broker   Select Share only with this project.
Upload file                           Browse to C:\Materials\Blueprints\Answers\mySQL-with-users-and-static-IP.yaml

Task 2: Deploy Your Blueprint
You deploy the blueprint so that it is running when you are ready to test it.

1. Verify that you are located at Design > Blueprints.

2. Select the MySQL Server with Users and Static IP blueprint.

3. Deploy the MySQL Server with Users and Static IP blueprint to test it.

Option              Action
Deployment Type     Select Create a new-deployment (default).
Deployment Name     Enter MySQL-Plus-Users-IP in the text box.
Blueprint Version   Select Current Draft.
Inputs              Use all the default values.

Task 3: Examine the Blueprint of the MySQL Server with Users and Static IP
You examine the YAML code for a back-end MySQL server.

1. Navigate to Design > Blueprints.

2. Open the MySQL Server with Users and Static IP blueprint to view it.

You must not change the blueprint.

3. Verify that a single cloud-agnostic machine named mysql exists on the design canvas.

4. Verify that the mysql cloud machine is connected to a cloud network with the net:production tag.

Task 4: Examine Your Static IP Input Variables for the MySQL Server
You examine the YAML code to get input variables for the IP address.

1. Go to Design > Blueprints.

2. Open the MySQL Server with Users and Static IP blueprint to examine the YAML code.

3. Begin by examining the inputs to configure a static IP address for the MySQL server.

    inputs:
      ipaddress1:
        type: string
        title: Enter your IP address for the mysql server range 172.20.11.180-199
        pattern: '172.20.11.[1][8-9][0-9]'
        description: This will be the IP address for the mysql server
        default: 172.20.11.185

NOTE

Your blueprint also contains inputs for both hostnames, the user name and the password, but
we will skip those for now.

Task 5: Examine the Software Packages
You examine the YAML code that installs the software.

1. Verify the first software package directives to install the packages.

These directives are the same as the ones used in the earlier MySQL server blueprint.

    packages:
      - mysql-server-5.7
      - mysql-client
      - unzip
      - git

You install MySQL (mysql-server-5.7) on the back-end database server.

Task 6: Verify the MySQL User Configuration


You examine the YAML code that creates the user account in the virtual machine operating
system.

1. Examine the cloudConfig users: directives to create the MySQL administrator user.

    users:
      - name: ${input.user}
        sudo: ['ALL=(ALL) NOPASSWD:ALL']
        groups: sudo
        shell: /bin/bash

Task 7: Examine Your Network Configuration for the MySQL Server
You examine the YAML code to configure the network.

1. Examine the cloudConfig commands under runcmd: that configure the netplan file for the front end.

    - mkdir -p /root/myconfig
    - hostnamectl set-hostname ${input.hostname1}
    - cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.sav
    - chmod 777 /etc/netplan/50-cloud-init.yaml
    - touch /root/myconfig/50-cloud-init.yaml

2. Examine the cloudConfig commands under runcmd that configure the IP address in the netplan file.

    - echo "VRA - Setting static IP" >> /root/log.txt
    - echo "VRA - Setting static IP"
    - mkdir -p /root/myconfig
    - cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.sav
    - chmod 777 /etc/netplan/50-cloud-init.yaml
    - touch /root/myconfig/50-cloud-init.yaml
    - echo "network:"" " >> /root/myconfig/50-cloud-init.yaml
    - echo "  version:"" 2" >> /root/myconfig/50-cloud-init.yaml
    - echo "  ethernets:"" " >> /root/myconfig/50-cloud-init.yaml
    - echo "    ens160:"" " >> /root/myconfig/50-cloud-init.yaml
    - echo "      dhcp4:"" false " >> /root/myconfig/50-cloud-init.yaml
    - echo "      addresses:"" [${input.ipaddress1}/24]" >> /root/myconfig/50-cloud-init.yaml
    - echo "      gateway4:"" 172.20.11.10" >> /root/myconfig/50-cloud-init.yaml
    - echo "      nameservers:"" ">> /root/myconfig/50-cloud-init.yaml
    - echo "        addresses:"" [172.20.11.10]" >> /root/myconfig/50-cloud-init.yaml
    - cp /root/myconfig/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml
    - chmod 644 /etc/netplan/50-cloud-init.yaml
    - netplan apply

3. Examine the cloudConfig runcmd directives to set the host name in the DNS server and update the log file.

    - echo 'Setting host DNS name' >> /root/log.txt
    - echo "Setting host name for DNS"
    - hostnamectl set-hostname "${input.hostname1}.vclass.local"

The YAML code sets the DNS host name for the front-end server.

Task 8: Verify the MySQL User and Database Configuration
You verify the MySQL user and database configuration.

1. Examine cloudConfig runcmd: directives to set the password for the MySQL administrator
user and to enable your user to use SSH to log in.

- USER=${input.user}
- PASS=${input.pass}
- echo $USER:$PASS | /usr/sbin/chpasswd
- sed -i "s/PasswordAuthentication no/PasswordAuthentication
yes/g" /etc/ssh/sshd_config
- service ssh reload
- echo 'VRA ssh reload complete' >> /root/log.txt
- echo 'VRA ssh reload complete'

2. Examine cloudConfig runcmd directives to add the user and password to the MySQL
database.

- echo "mysql-server-5.7 mysql-server/root_password password root" | sudo debconf-set-selections
- echo "mysql-server-5.7 mysql-server/root_password_again password root" | sudo debconf-set-selections
- echo "[client]" >> /etc/mysql/mysql.conf.d/mysqld.cnf
- echo "user=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
- echo "password=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
- echo "user=$USER" >> /etc/mysql/mysql.conf.d/mysqld.cnf
- echo "password=$PASS" >> /etc/mysql/mysql.conf.d/mysqld.cnf

3. Examine the MySQL IP configuration before the mysql restart.

The restart is also needed before the final DB rights are assigned to the MySQL user.

- echo 'VRA setting mySQL IP configuration' >> /root/log.txt
- echo 'VRA setting mySQL IP configuration'
- sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/mysql.conf.d/mysqld.cnf
- systemctl restart mysql
- echo 'mySQL restart complete' >> /root/log.txt
- echo 'VRA - mysql restart complete'

4. Examine the cloudConfig runcmd directives to grant privileges in MySQL to your user and
to create the myvRAdb database.

- echo 'Setting mySQL user rights' >> /root/log.txt
- echo 'Setting mySQL user rights'
- mysql -u root -e "GRANT ALL ON *.* TO '$USER'@'%' IDENTIFIED BY '$PASS'"
- mysql -u root -e "GRANT ALL ON *.* TO '$USER'@localhost IDENTIFIED BY '$PASS'"
- mysql -u root -e 'CREATE DATABASE myvRAdb'
- mysql -u root -e 'USE myvRAdb'
- mysql -u root -e 'flush privileges'

Task 9: Examine the Complete YAML for the MySQL Back-End Virtual Machine
You examine the complete YAML code for the MySQL back-end virtual machine.

1. Examine a copy of the complete YAML code for the MySQL back-end machine.

formatVersion: 1
inputs:
  ipaddress1:
    type: string
    title: Enter your IP address for the mysql server range 172.20.11.180-199
    pattern: '172.20.11.[1][8-9][0-9]'
    description: This will be the IP address for the mysql server
    default: 172.20.11.185
  hostname1:
    type: string
    title: mysql hostname
    default: mysql
    description: Name of the mysql server. This name will be used to set the internal hostname and is part of the FQDN for DNS.
  hostname2:
    type: string
    title: frontend hostname
    default: frontend
    description: Name of the front end server. This name will be used to set the internal hostname and is part of the FQDN for DNS.
  user:
    type: string
    title: User name for the system administrator account
    default: superadmin
    description: This user name will have administrator privileges in the MySQL database and can be used to log into the front end server.
  pass:
    type: string
    title: Password for the superadmin account.
    encrypted: true
    default: VMware1!
    description: Password for the superadmin account.
resources:
  mysql:
    type: Cloud.Machine
    properties:
      image: VMW-Ubuntu-Cloud
      flavor: VMW-Large
      networks:
        - network: '${resource.Cloud_Network_1.id}'
      cloudConfig: |
        packages:
          - mysql-server-5.7
          - mysql-client
          - unzip
          - git

        users:
          - name: ${input.user}
            sudo: ['ALL=(ALL) NOPASSWD:ALL']
            groups: sudo
            shell: /bin/bash

        runcmd:
          - touch /root/log.txt
          - echo 'VRA - Starting runcmd' >> /root/log.txt
          - echo 'VRA - Starting runcmd'

          - echo "VRA - Setting static IP" >> /root/log.txt
          - echo "VRA - Setting static IP"
          - mkdir -p /root/myconfig
          - cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.sav
          - chmod 777 /etc/netplan/50-cloud-init.yaml
          - touch /root/myconfig/50-cloud-init.yaml
          - echo "network:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "  version:"" 2" >> /root/myconfig/50-cloud-init.yaml
          - echo "  ethernets:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "    ens160:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "      dhcp4:"" false " >> /root/myconfig/50-cloud-init.yaml
          - echo "      addresses:"" [${input.ipaddress1}/24]" >> /root/myconfig/50-cloud-init.yaml
          - echo "      gateway4:"" 172.20.11.10" >> /root/myconfig/50-cloud-init.yaml
          - echo "      nameservers:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "        addresses:"" [172.20.11.10]" >> /root/myconfig/50-cloud-init.yaml
          - cp /root/myconfig/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml
          - chmod 644 /etc/netplan/50-cloud-init.yaml
          - netplan apply

          - echo 'Setting host DNS name' >> /root/log.txt
          - echo 'Setting host DNS name'
          - hostnamectl set-hostname "${input.hostname1}.vclass.local"

          - USER=${input.user}
          - PASS=${input.pass}
          - echo $USER:$PASS | /usr/sbin/chpasswd
          - sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          - service ssh reload
          - echo 'VRA ssh reload complete' >> /root/log.txt
          - echo 'VRA ssh reload complete'
          - echo "mysql-server-5.7 mysql-server/root_password password root" | sudo debconf-set-selections
          - echo "mysql-server-5.7 mysql-server/root_password_again password root" | sudo debconf-set-selections
          - echo "[client]" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "user=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "password=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "user=$USER" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "password=$PASS" >> /etc/mysql/mysql.conf.d/mysqld.cnf

          - echo 'VRA setting mySQL IP configuration' >> /root/log.txt
          - echo 'VRA setting mySQL IP configuration'
          - sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/mysql.conf.d/mysqld.cnf
          - systemctl restart mysql
          - echo 'mySQL restart complete' >> /root/log.txt
          - echo 'VRA - mysql restart complete'

          - echo 'Setting mySQL user rights' >> /root/log.txt
          - echo 'Setting mySQL user rights'
          - mysql -u root -e "GRANT ALL ON *.* TO '$USER'@'%' IDENTIFIED BY '$PASS'"
          - mysql -u root -e "GRANT ALL ON *.* TO '$USER'@localhost IDENTIFIED BY '$PASS'"
          - mysql -u root -e 'CREATE DATABASE myvRAdb'
          - mysql -u root -e 'USE myvRAdb'
          - mysql -u root -e 'flush privileges'

          - echo 'VRA - Cloud-init is done!' >> /root/log.txt
          - echo 'VRA - Cloud-init is done!'
  Cloud_Network_1:
    type: Cloud.Network
    properties:
      networkType: existing
      name: VMW-Production
      constraints:
        - tag: 'net:production'
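
The cloudConfig above changes file modes, SSH authentication, the MySQL bind address, MySQL grants, and sudo rights in a single pass. The following added example (not part of the lab manual or of vRealize Automation) scans cloudConfig text for those settings so that a blueprint copied out of the lab can be reviewed before reuse; the rule names, the advice strings, and the audit and rules_hit functions are assumptions of this example, and the sample lines are copied from the blueprint on this page.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int   # 1-based line number within the scanned text
    rule: str      # rule identifier (names are this example's own)
    advice: str    # what a reviewer would ask for instead


# (rule id, pattern, reviewer advice). The patterns target the command shapes
# used in this lab's cloudConfig; this is not a general cloud-init linter.
RULES = [
    ("world-writable-mode",
     re.compile(r"\bchmod\s+(?:-R\s+)?[0-7]{2,3}[2367]\b"),
     "no later step needs a world-writable file; keep 644 or tighter"),
    ("ssh-password-auth",
     re.compile(r"PasswordAuthentication\s+yes"),
     "sshd accepts password logins; prefer key-based login"),
    ("static-db-root-password",
     re.compile(r"root_password(?:_again)?\s+password\s+\S+"),
     "database root password is a literal in the blueprint"),
    ("secret-written-to-file",
     re.compile(r'echo\s+"?(?:password|dbc_dbpass)=.*>>'),
     "credential is appended to a config file in clear text"),
    ("db-listen-all",
     re.compile(r"127\.0\.0\.1/0\.0\.0\.0"),
     "sed rewrites the loopback bind address to all interfaces"),
    ("grant-all-any-host",
     re.compile(r"GRANT\s+ALL\s+ON\s+\*\.\*\s+TO\s+\S+@'%'", re.IGNORECASE),
     "global privileges for an account that may connect from any host"),
    ("sudo-nopasswd",
     re.compile(r"NOPASSWD:\s*ALL"),
     "passwordless sudo for every command"),
]

# Lines copied from the lab blueprint's cloudConfig shown on this page.
SAMPLE_CLOUD_CONFIG = """\
users:
  - name: ${input.user}
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
runcmd:
  - chmod 777 /etc/netplan/50-cloud-init.yaml
  - chmod 644 /etc/netplan/50-cloud-init.yaml
  - sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
  - echo "mysql-server-5.7 mysql-server/root_password password root" | sudo debconf-set-selections
  - echo "password=$PASS" >> /etc/mysql/mysql.conf.d/mysqld.cnf
  - sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/mysql.conf.d/mysqld.cnf
  - mysql -u root -e "GRANT ALL ON *.* TO '$USER'@'%' IDENTIFIED BY '$PASS'"
  - mysql -u root -e "GRANT ALL ON *.* TO '$USER'@localhost IDENTIFIED BY '$PASS'"
"""


def audit(cloud_config: str) -> List[Finding]:
    """Return one Finding per (line, rule) match, in line order."""
    findings = []
    for line_no, raw in enumerate(cloud_config.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and YAML comments
        if line.startswith("- "):
            line = line[2:]               # drop the YAML list marker
        for rule, pattern, advice in RULES:
            if pattern.search(line):
                findings.append(Finding(line_no, rule, advice))
    return findings


def rules_hit(cloud_config: str) -> List[str]:
    """Sorted, de-duplicated rule ids, convenient for a review gate."""
    return sorted({f.rule for f in audit(cloud_config)})


if __name__ == "__main__":
    for f in audit(SAMPLE_CLOUD_CONFIG):
        print(f"line {f.line_no}: {f.rule}: {f.advice}")
```

The second chmod (644) and the localhost grant produce no finding, so the report separates the lab shortcuts from the steps that restore or limit access.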

Task 10: Test and Delete the MySQL Server
You test the deployment and then delete your deployment to save lab resources.

1. Verify that your earlier deployment is complete.

Wait at least 5 minutes after the deployment is complete before you log in so that the
cloudConfig commands can run.

2. Record the name of the vSphere virtual machine that was deployed.

3. Click the vSphere Client browser tab to go to the vSphere Client.

4. Click the virtual machine that is your mysql server to open its properties.

The DNS name must be mysql.vclass.local and have a static IP address of 172.20.11.185.

5. Open a Web Console on the mysql.vclass.local virtual machine.


6. Log in to your deployed virtual machine with the superadmin user account and the VMware1!
password.

7. Enter the mysql -u superadmin -p command to verify that the MySQL database is
installed and that your superadmin account is accessible.

If you have successfully installed a default MySQL server, the MySQL monitor must start.
You are prompted for your password. If your MySQL monitor does not start, verify your
YAML code for errors and redeploy.

8. Enter the use myvRAdb command to verify that the myvRAdb database exists.

9. Close your remote console.

10. Return to the VMware Cloud Services browser tab.

11. Click the Deployments tab.

12. Delete the MySQL-Plus-Users-IP deployment.

Lab 5 Creating and Deploying a Front-End Server

Objective and Tasks


Examine the YAML code to deploy a front-end server for phpMyAdmin and deploy the blueprint
to test the code:

1. Upload a YAML Blueprint That Builds a Front-End Server

2. Deploy Your Blueprint

3. Examine the Blueprint with the Front-End Server Added

4. Verify Your Static IP Input Variables for the Front-End Server

5. Examine the Software Packages

6. Examine the MySQL User Configuration

7. Examine Your Network Configuration for the Front-End Server


8. Examine the MySQL User Configuration

9. Examine the Complete YAML for the Front-End Virtual Machine

10. Test and Delete the Two Servers

Task 1: Upload a YAML Blueprint That Builds a Front-End Server
You upload a YAML blueprint that builds a front-end server to the MySQL blueprint.

1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.

IMPORTANT

Verify that you log in to the vRA-Standard system, not the vRA-Clustered system.

a. Open Chrome.

If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and VMware1! as the password.

f. Click Cloud Assembly.

2. Go to Design > Blueprints.

3. Upload a blueprint.

Option                                Action

Name                                  Enter Front-End-Server-PlusMySQL in the text box.
Description                           Enter Front end server plus MySql server in the text box.
Project                               Select VMW-ENG in the text box.
Blueprint sharing in Service Broker   Select Share only with this project.
Upload file                           Browse to C:\Materials\Blueprints\Answers\Front-End-Server-Plus-MySQL.yaml

Task 2: Deploy Your Blueprint
You deploy the blueprint so that it is running when you are ready to test it.

1. Verify that you are located at Design > Blueprints.

2. Select the Front-End-Server-Plus-MySQL blueprint.

3. Deploy the Front-End-Server-Plus-MySQL blueprint to test it.

Option              Action

Deployment Type     Select Create a new-deployment (default).
Deployment Name     Enter Front-End and MySQL in the text box.
Blueprint Version   Select Current Draft.
Inputs              Use all the default values.

Task 3: Examine the Blueprint with the Front-End Server Added
You examine the YAML code to add a front-end server to MySQL. The server is the front-end
appliance to manage the database for the two-tier application. You have an Ubuntu server with a
static IP address on the same network as the MySQL server.

1. Navigate to Design > Blueprints.

2. Open the Front-End-Server-Plus-MySQL blueprint to examine it.

IMPORTANT

Do not change the blueprint.

3. Verify that a second cloud-agnostic machine exists on the design canvas to the left of your
MySQL cloud-agnostic machine.

4. Verify that the front-end cloud machine is connected to the same cloud network as the
mysql cloud machine.

5. Verify that the front-end cloud machine depends on the MySQL machine.

vRealize Automation deploys and configures the mysql virtual machine before it configures
the frontend virtual machine.

Task 4: Verify Your Static IP Input Variables for the Front-End Server
You verify the YAML code to get input variables for the IP address.

1. Go to Design > Blueprints.

2. Open the Front-End-Server-PlusMySQL blueprint to examine the YAML code.

3. Verify the inputs to configure a static IP address for the front-end server.

The commands you use are similar to the MySQL server configuration in the previous labs.
You only change the front-end input variable to ipaddress2.

Setting                Value

Input variable name:   Enter ipaddress2 in the text box.
type:                  Enter string in the text box.
title:                 Enter Enter your IP address range 172.20.11.180-199 in the text box.
pattern:               Enter '172.20.11.[1][8-9][0-9]' in the text box.
default:               Enter 172.20.11.186 in the text box.
description:           Enter This will be the IP address of the front end server. The IP address
                       should be between 172.20.11.180 and 172.20.11.199.
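
The pattern is what constrains ipaddress2 before the runcmd echo commands write the value into the netplan file. The following added example (not part of the lab manual) runs the manual's pattern against constructed inputs under both full-match and partial-match semantics, because this page does not state which one vRealize Automation applies, and compares it with a stricter pattern. STRICT_PATTERN, the sample values, and the function names are assumptions of this example.

```python
import ipaddress
import re

# Pattern exactly as the lab manual gives it for ipaddress1 and ipaddress2.
LAB_PATTERN = r"172.20.11.[1][8-9][0-9]"

# Assumed stricter alternative (not from the manual): literal dots and
# explicit anchors, same 180-199 range.
STRICT_PATTERN = r"^172\.20\.11\.1[89][0-9]$"

# Constructed inputs; none come from the lab environment.
SAMPLES = [
    "172.20.11.185",        # intended value (the MySQL default)
    "172.20.11.199",        # upper bound of the range
    "172.20.11.179",        # just below the range
    "172.20.11.200",        # just above the range
    "172x20y11z185",        # unescaped '.' matches any character
    "172.20.11.1850",       # extra trailing digit
    "10.172.20.11.185",     # extra leading octet
    "172.20.11.185 extra",  # trailing text after a valid address
]

RANGE_LOW = ipaddress.IPv4Address("172.20.11.180")
RANGE_HIGH = ipaddress.IPv4Address("172.20.11.199")


def in_lab_range(value: str) -> bool:
    """Ground truth: value is an IPv4 address within 172.20.11.180-199."""
    try:
        return RANGE_LOW <= ipaddress.IPv4Address(value) <= RANGE_HIGH
    except ValueError:  # AddressValueError is a ValueError subclass
        return False


def accepts(pattern: str, value: str, anchored: bool) -> bool:
    """Apply pattern as a full match (anchored) or as a partial match."""
    rx = re.compile(pattern)
    return bool(rx.fullmatch(value) if anchored else rx.search(value))


def false_accepts(pattern: str, anchored: bool) -> list:
    """Samples the pattern lets through although they are out of range."""
    return [s for s in SAMPLES
            if accepts(pattern, s, anchored) and not in_lab_range(s)]


def false_rejects(pattern: str, anchored: bool) -> list:
    """Addresses in 180-199 that the pattern would wrongly refuse."""
    wanted = [f"172.20.11.{n}" for n in range(180, 200)]
    return [a for a in wanted if not accepts(pattern, a, anchored)]


if __name__ == "__main__":
    for name, pat in (("lab", LAB_PATTERN), ("strict", STRICT_PATTERN)):
        for anchored in (True, False):
            mode = "full" if anchored else "partial"
            print(name, mode, "false accepts:", false_accepts(pat, anchored))
```

Under full-match semantics the manual's pattern still accepts a value whose separators are not dots; under partial-match semantics it also accepts values with leading or trailing text, all of which would be copied into the addresses line of the netplan file.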

Task 5: Examine the Software Packages
You examine the YAML code that installs the software and the MySQL users.

1. Examine the first software package directives to install the packages.

These directives are the same as the MySQL server.


packages:
  - mysql-server-5.7
  - mysql-client
  - unzip
  - git

You install MySQL (mysql-server-5.7) on the back-end database server and on the front-end
server because the phpMyAdmin front-end tool requires its own database.

Task 6: Examine the MySQL User Configuration

1. Examine the cloudConfig users: directives to create the MySQL administrator user.

users:
  - name: ${input.user}
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash

You use the same superadmin user account in the front-end server that you use in the
MySQL server.

Task 7: Examine Your Network Configuration for the Front-End Server
You examine the YAML code to configure the network.

1. Examine the cloudConfig commands under runcmd: that configure the netplan file for
the front end.

- echo "VRA- Setting static IP" >> /root/log.txt
- echo "VRA- Setting static IP"
- mkdir -p /root/myconfig
- cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.sav
- chmod 777 /etc/netplan/50-cloud-init.yaml
- touch /root/myconfig/50-cloud-init.yaml

2. Examine the cloudConfig commands under runcmd that configure the IP address in the
netplan file.

The commands used here are similar to the MySQL configuration in the previous labs. The
only change is that the front-end input variable is ipaddress2.

- echo "network:"" " >> /root/myconfig/50-cloud-init.yaml
- echo "  version:"" 2" >> /root/myconfig/50-cloud-init.yaml
- echo "  ethernets:"" " >> /root/myconfig/50-cloud-init.yaml
- echo "    ens160:"" " >> /root/myconfig/50-cloud-init.yaml
- echo "      dhcp4:"" false " >> /root/myconfig/50-cloud-init.yaml
- echo "      addresses:"" [${input.ipaddress2}/24]" >> /root/myconfig/50-cloud-init.yaml
- echo "      gateway4:"" 172.20.11.10" >> /root/myconfig/50-cloud-init.yaml
- echo "      nameservers:"" " >> /root/myconfig/50-cloud-init.yaml
- echo "        addresses:"" [172.20.11.10]" >> /root/myconfig/50-cloud-init.yaml
- cp /root/myconfig/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml
- chmod 644 /etc/netplan/50-cloud-init.yaml
- netplan apply

3. Examine the cloudConfig runcmd directives to set the host name in the DNS server and
update the log file.

- echo "VRA- Setting hostname" >> /root/log.txt
- hostnamectl set-hostname "${input.hostname2}.vclass.local"

The YAML code sets the DNS host name for the front-end server.

Task 8: Examine the MySQL User Configuration
You examine the user configuration for the MySQL server.

1. Examine the cloudConfig runcmd: directives to set the password for the MySQL
administrator user and to enable your user to use SSH to log in.

- echo "VRA- Creating Users" >> /root/log.txt
- echo "VRA- Creating Users"
- USER=${input.user}
- PASS=${input.pass}
- echo $USER:$PASS | /usr/sbin/chpasswd
- sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
- service ssh reload

The YAML code is the same code that is used in the back-end MySQL database server.

2. Examine the cloudConfig runcmd directives to add the user and password to the MySQL
database.

- echo "VRA- Creating mySQL users" >> /root/log.txt
- echo "VRA- Creating mySQL users"
- echo "mysql-server-5.7 mysql-server/root_password password root" | sudo debconf-set-selections
- echo "mysql-server-5.7 mysql-server/root_password_again password root" | sudo debconf-set-selections
- echo "[client]" >> /etc/mysql/mysql.conf.d/mysqld.cnf
- echo "user=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
- echo "password=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
- echo "user=$USER" >> /etc/mysql/mysql.conf.d/mysqld.cnf
- echo "password=$PASS" >> /etc/mysql/mysql.conf.d/mysqld.cnf
- echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

The YAML code is the same code that is used in the back-end MySQL database server.

3. Examine the MySQL IP configuration before the mysql restart.

The restart is also needed before the final DB rights are assigned to the MySQL user.

- echo "VRA- Configuring mySQL IP" >> /root/log.txt
- echo "VRA- Configuring mySQL IP"
- sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/mysql.conf.d/mysqld.cnf
- systemctl restart mysql

4. Examine the cloudConfig runcmd directives to grant privileges in MySQL to your user.

- echo "VRA- Giving mySQL users DB rights" >> /root/log.txt
- echo "VRA- Giving mySQL users DB rights"
- mysql -u root -e "GRANT ALL ON *.* TO '$USER'@'%' IDENTIFIED BY '$PASS'"
- mysql -u root -e "GRANT ALL ON *.* TO '$USER'@localhost IDENTIFIED BY '$PASS'"
- mysql -u root -e 'flush privileges'

The myvRAdb database does not exist on the front-end server.

Task 9: Examine the Complete YAML for the Front-End Virtual Machine
You examine the complete YAML for the front-end virtual machine.

1. View a copy of the complete YAML code for the front-end machine.

This code does not include the YAML blueprint inputs or the code for the mysql server.

resources:
  frontend:
    type: Cloud.Machine
    dependsOn:
      - mysql
    properties:
      image: VMW-Ubuntu-Cloud
      flavor: VMW-Large
      networks:
        - network: '${resource.Cloud_Network_1.id}'
      cloudConfig: |
        package_update: true
        package_upgrade: true
        packages:
          - mysql-server-5.7
          - mysql-client
          - unzip
          - git

        users:
          - name: ${input.user}
            sudo: ['ALL=(ALL) NOPASSWD:ALL']
            groups: sudo
            shell: /bin/bash

        runcmd:
          - echo "VRA- Setting static IP" >> /root/log.txt
          - echo "VRA- Setting static IP"
          - mkdir -p /root/myconfig
          - cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.sav
          - chmod 777 /etc/netplan/50-cloud-init.yaml
          - touch /root/myconfig/50-cloud-init.yaml
          - echo "network:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "  version:"" 2" >> /root/myconfig/50-cloud-init.yaml
          - echo "  ethernets:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "    ens160:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "      dhcp4:"" false " >> /root/myconfig/50-cloud-init.yaml
          - echo "      addresses:"" [${input.ipaddress2}/24]" >> /root/myconfig/50-cloud-init.yaml
          - echo "      gateway4:"" 172.20.11.10" >> /root/myconfig/50-cloud-init.yaml
          - echo "      nameservers:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "        addresses:"" [172.20.11.10]" >> /root/myconfig/50-cloud-init.yaml
          - cp /root/myconfig/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml
          - chmod 644 /etc/netplan/50-cloud-init.yaml
          - netplan apply

          - echo "VRA- Setting hostname" >> /root/log.txt
          - hostnamectl set-hostname "${input.hostname2}.vclass.local"

          - echo "VRA- Creating Users" >> /root/log.txt
          - echo "VRA- Creating Users"
          - USER=${input.user}
          - PASS=${input.pass}
          - echo $USER:$PASS | /usr/sbin/chpasswd
          - sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          - service ssh reload

          - echo "VRA- Creating mySQL users" >> /root/log.txt
          - echo "VRA- Creating mySQL users"
          - echo "mysql-server-5.7 mysql-server/root_password password root" | sudo debconf-set-selections
          - echo "mysql-server-5.7 mysql-server/root_password_again password root" | sudo debconf-set-selections
          - echo "[client]" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "user=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "password=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "user=$USER" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "password=$PASS" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

          - echo "VRA- Configuring mySQL IP" >> /root/log.txt
          - echo "VRA- Configuring mySQL IP"
          - sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/mysql.conf.d/mysqld.cnf
          - systemctl restart mysql

          - echo "VRA- Giving mySQL users DB rights" >> /root/log.txt
          - echo "VRA- Giving mySQL users DB rights"
          - mysql -u root -e "GRANT ALL ON *.* TO '$USER'@'%' IDENTIFIED BY '$PASS'"
          - mysql -u root -e "GRANT ALL ON *.* TO '$USER'@localhost IDENTIFIED BY '$PASS'"
          - mysql -u root -e 'flush privileges'

Task 10: Test and Delete the Two Servers
You test the deployment and then delete your deployment to save lab resources.

1. Verify that your earlier deployment is complete.

Wait at least 5 minutes after the deployment is complete before you log in so that the
cloudConfig commands can run. You must open a console on the front-end server and not on
the MySQL server.

2. Record the names of the two vSphere virtual machines that were deployed.

3. Click the vSphere Client browser tab to go to the vSphere Client.

4. Click the virtual machine that is your front-end server to open its properties.

This system is the second server deployed, because this front-end server depends on the
mysql server.

The DNS name must be frontend.vclass.local and it must have a static IP address of
172.20.11.186.

5. Open a Web Console on the frontend.vclass.local virtual machine.

6. Log in to your deployed virtual machine (the front-end server) with the superadmin user
account and the VMware1! password.

7. Enter the mysql -u superadmin -p command to verify that the MySQL database is
installed and that your superadmin account is accessible.

If you have successfully installed a default MySQL server, the MySQL monitor must start.
You are prompted for your password. If your MySQL monitor does not start, verify your
YAML code for errors and redeploy.

8. Enter the use myvRAdb command to verify that the myvRAdb database is not created.

The myvRAdb database does not exist on the front-end server.

9. Close your remote console.

10. Return to the VMware Cloud Services browser tab.

11. Click the Deployments tab.

12. Delete the Front-End and MySQL deployment.

Lab 6 Installing phpMyAdmin

Objective and Tasks


Use the advanced YAML code to install phpMyAdmin on your front-end server:

1. Upload a YAML Blueprint That Deploys a Front-End Server With phpMyAdmin Installed

2. Deploy Your Blueprint

3. Examine the Installation Code for the phpMyAdmin Server

4. Test and Delete the Deployment

Task 1: Upload a YAML Blueprint That Deploys a Front-End Server With phpMyAdmin Installed
You upload a YAML blueprint that builds a front-end server to the MySQL blueprint.

1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.

IMPORTANT

Verify that you log in to the vRA-Standard system, not the vRA-Clustered system.

a. Open Chrome.

If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and VMware1! as the password.

f. Click Cloud Assembly.

2. Go to Design > Blueprints.

3. Upload a blueprint.

Option                                Action

Name                                  Enter phpMyAdmin-Local in the text box.
Description                           Enter Front end server plus MySql server with phpMyAdmin installed in the text box.
Project                               Select VMW-ENG.
Blueprint sharing in Service Broker   Select Share only with this project.
Upload file                           Browse to C:\Materials\Blueprints\Answers\phpMyAdmin_local.yaml

Task 2: Deploy Your Blueprint
You deploy the blueprint so that it is running when you are ready to test it.

1. Verify that you are located at Design > Blueprints.

2. Select the phpMyAdmin-Local blueprint.

3. Deploy the phpMyAdmin-Local blueprint to test it.

Option              Action

Deployment Type     Select Create a new-deployment (default).
Deployment Name     Enter phpMyAdmin-Local in the text box.
Blueprint Version   Select Current Draft.
Inputs              Use all the default values.

Task 3: Examine the Installation Code for the phpMyAdmin Server
You examine the YAML code to install the phpMyAdmin server. phpMyAdmin cannot be installed
as a regular package using the packages directive because the default install requires
interactive input.

1. Navigate to Design > Blueprints.

2. Open the phpMyAdmin-Local blueprint for editing.

IMPORTANT

Do not change the blueprint.

3. Examine the items in the YAML code that install phpMyAdmin.

You can begin by looking at the packages list. This list has changed from the simple MySQL
server.

packages:
  - apache2
  - php
  - php-mysql
  - libapache2-mod-php
  - php-gd
  - php-mbstring
  - php-xml
  - php-zip
  - php-curl
  - mysql-server-5.7
  - unzip
  - curl

4. Scroll further down and examine the new code beginning with - echo "VRA- Installing myphpadmin" >> /root/log.txt.

- echo "VRA- Installing myphpadmin" >> /root/log.txt
- echo "VRA- Installing myphpadmin"
- export DEBIAN_FRONTEND=noninteractive
- apt-get -yq install phpmyadmin

The export command sets a variable that tells the phpMyAdmin installation that it is running
in noninteractive mode.

The apt-get -yq command installs phpMyAdmin quietly, with no prompts.

5. Scroll further down and examine the code that creates the myphpadmin.conf file.

The file is a configuration file that is copied over the configuration file that controls
phpMyAdmin. If you deploy the blueprint with the default inputs, the
/root/my_phpmyadmin.conf file that is created appears similar to the following output.

dbc_install='true'
dbc_upgrade='true'
dbc_remove='true'
dbc_dbtype='mysql'
dbc_dbuser=superadmin
dbc_dbpass=VMware1!
dbc_dballow='localhost'
dbc_dbserver='localhost'
dbc_dbport='3306'
dbc_dbname='phpmyadmin'
dbc_dbadmin='debian-sys-maint'
dbc_basepath=''
dbc_ssl=''
dbc_authmethod_admin=''
dbc_authmethod_user=''

The following code creates the file.

- echo "VRA- creating myphpadmin config file" >> /root/log.txt
- echo "VRA Creating phpmyadmin configuration file"
- touch /root/my_phpmyadmin.conf
- echo "dbc_install='true'" >> /root/my_phpmyadmin.conf
- echo "dbc_upgrade='true'" >> /root/my_phpmyadmin.conf
- echo "dbc_remove='true'" >> /root/my_phpmyadmin.conf
- echo "dbc_dbtype='mysql'" >> /root/my_phpmyadmin.conf
- echo "dbc_dbuser=$USER" >> /root/my_phpmyadmin.conf
- echo "dbc_dbpass=$PASS" >> /root/my_phpmyadmin.conf
- echo "dbc_dballow='localhost'" >> /root/my_phpmyadmin.conf
- echo "dbc_dbserver='localhost'" >> /root/my_phpmyadmin.conf
- echo "dbc_dbport='3306'" >> /root/my_phpmyadmin.conf
- echo "dbc_dbname='phpmyadmin'" >> /root/my_phpmyadmin.conf
- echo "dbc_dbadmin='debian-sys-maint'" >> /root/my_phpmyadmin.conf
- echo "dbc_basepath=''" >> /root/my_phpmyadmin.conf
- echo "dbc_ssl=''" >> /root/my_phpmyadmin.conf
- echo "dbc_authmethod_admin=''" >> /root/my_phpmyadmin.conf
- echo "dbc_authmethod_user=''" >> /root/my_phpmyadmin.conf
- echo "Finished creating phpmyadmin configuration file" >> /root/log.txt
- echo "Finished creating phpmyadmin configuration file"

6. Back up the actual configuration file /etc/dbconfig-common/phpmyadmin.conf by copying it
to /etc/dbconfig-common/phpmyadmin.conf.sav with the cp command.

- cp /etc/dbconfig-common/phpmyadmin.conf /etc/dbconfig-common/phpmyadmin.conf.sav

7. Overwrite the /etc/dbconfig-common/phpmyadmin.conf file with the
/root/my_phpmyadmin.conf file with the cp command.

- cp /root/my_phpmyadmin.conf /etc/dbconfig-common/phpmyadmin.conf

8. Reconfigure the phpmyadmin package to use the new configuration file.

- dpkg-reconfigure --frontend=noninteractive phpmyadmin

9. Enable the mbstring extension of php for Ubuntu, which you must use for phpMyAdmin.

- phpenmod mbstring

Here are the commands used to copy the configuration file, reconfigure the phpmyadmin
package, and enable mbstring:

- cp /etc/dbconfig-common/phpmyadmin.conf /etc/dbconfig-common/phpmyadmin.conf.sav
- cp /root/my_phpmyadmin.conf /etc/dbconfig-common/phpmyadmin.conf
- dpkg-reconfigure --frontend=noninteractive phpmyadmin
- phpenmod mbstring

10. Next the configuration of the Apache web server must be changed so that phpMyAdmin can
use it.

The following code adds a line to the end of the Apache configuration file and restarts
Apache.

- echo "VRA - modifying apache2 start file" >> /root/log.txt
- echo "VRA - modifying apache2 start file"
- echo "Include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf

- echo "VRA - Reloading SSH and Apache2" >> /root/log.txt
- echo "VRA - Reloading SSH and Apache2"
- service ssh reload
- systemctl reload apache2
- systemctl restart apache2

11. View the complete YAML code for the front-end cloud machine in the blueprint.

resources:
  frontend:
    type: Cloud.Machine
    dependsOn:
      - mysql
    properties:
      image: VMW-Ubuntu-Cloud
      flavor: VMW-Large
      networks:
        - network: '${resource.Cloud_Network_1.id}'
      cloudConfig: |
        package_update: true
        package_upgrade: true
        packages:
          - apache2
          - php
          - php-mysql
          - libapache2-mod-php
          - php-gd
          - php-mbstring
          - php-xml
          - php-zip
          - php-curl
          - mysql-server-5.7
          - unzip
          - curl

        users:
          - name: ${input.user}
            sudo: ['ALL=(ALL) NOPASSWD:ALL']
            groups: sudo
            shell: /bin/bash

        runcmd:
          - echo "VRA- Setting static IP" >> /root/log.txt
          - echo "VRA- Setting static IP"
          - mkdir -p /root/myconfig
          - cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.sav
          - chmod 777 /etc/netplan/50-cloud-init.yaml
          - touch /root/myconfig/50-cloud-init.yaml
          - echo "network:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "  version:"" 2" >> /root/myconfig/50-cloud-init.yaml
          - echo "  ethernets:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "    ens160:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "      dhcp4:"" false " >> /root/myconfig/50-cloud-init.yaml
          - echo "      addresses:"" [${input.ipaddress2}/24]" >> /root/myconfig/50-cloud-init.yaml
          - echo "      gateway4:"" 172.20.11.10" >> /root/myconfig/50-cloud-init.yaml
          - echo "      nameservers:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "        addresses:"" [172.20.11.10]" >> /root/myconfig/50-cloud-init.yaml
          - cp /root/myconfig/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml
          - chmod 644 /etc/netplan/50-cloud-init.yaml
          - netplan apply

          - echo "VRA- Setting hostname" >> /root/log.txt
          - hostnamectl set-hostname "${input.hostname2}.vclass.local"

          - echo "VRA- Creating Users" >> /root/log.txt
          - echo "VRA- Creating Users"
          - USER=${input.user}
          - PASS=${input.pass}
          - echo $USER:$PASS | /usr/sbin/chpasswd
          - sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          - service ssh reload

          - echo "VRA- Creating mySQL users" >> /root/log.txt
          - echo "VRA- Creating mySQL users"
          - echo "mysql-server-5.7 mysql-server/root_password password root" | sudo debconf-set-selections
          - echo "mysql-server-5.7 mysql-server/root_password_again password root" | sudo debconf-set-selections
          - echo "[client]" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "user=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "password=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "user=$USER" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "password=$PASS" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

          - echo "VRA- Configuring mySQL IP" >> /root/log.txt
          - echo "VRA- Configuring mySQL IP"
          - sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/mysql.conf.d/mysqld.cnf
          - systemctl restart mysql

          - echo "VRA- Giving mySQL users DB rights" >> /root/log.txt
          - echo "VRA- Giving mySQL users DB rights"
          - mysql -u root -e "GRANT ALL ON *.* TO '$USER'@'%' IDENTIFIED BY '$PASS'"
          - mysql -u root -e "GRANT ALL ON *.* TO '$USER'@localhost IDENTIFIED BY '$PASS'"
          - mysql -u root -e 'flush privileges'

          - echo "VRA- Installing myphpadmin" >> /root/log.txt
          - echo "VRA- Installing myphpadmin"
          - export DEBIAN_FRONTEND=noninteractive
          - apt-get -yq install phpmyadmin

          - echo "VRA- creating myphpadmin config file" >> /root/log.txt
          - echo "VRA Creating phpmyadmin configuration file"
          - touch /root/my_phpmyadmin.conf
          - echo "dbc_install='true'" >> /root/my_phpmyadmin.conf
          - echo "dbc_upgrade='true'" >> /root/my_phpmyadmin.conf
          - echo "dbc_remove='true'" >> /root/my_phpmyadmin.conf
          - echo "dbc_dbtype='mysql'" >> /root/my_phpmyadmin.conf
          - echo "dbc_dbuser=$USER" >> /root/my_phpmyadmin.conf
          - echo "dbc_dbpass=$PASS" >> /root/my_phpmyadmin.conf
          - echo "dbc_dballow='localhost'" >> /root/my_phpmyadmin.conf
          - echo "dbc_dbserver='localhost'" >> /root/my_phpmyadmin.conf
          - echo "dbc_dbport='3306'" >> /root/my_phpmyadmin.conf
          - echo "dbc_dbname='phpmyadmin'" >> /root/my_phpmyadmin.conf
          - echo "dbc_dbadmin='debian-sys-maint'" >> /root/my_phpmyadmin.conf
          - echo "dbc_basepath=''" >> /root/my_phpmyadmin.conf
          - echo "dbc_ssl=''" >> /root/my_phpmyadmin.conf
          - echo "dbc_authmethod_admin=''" >> /root/my_phpmyadmin.conf
          - echo "dbc_authmethod_user=''" >> /root/my_phpmyadmin.conf
          - echo "Finished creating phpmyadmin configuration file" >> /root/log.txt
          - echo "Finished creating phpmyadmin configuration file"

          - echo "VRA- Loading myphpadmin configuration" >> /root/log.txt
          - echo "VRA- Loading myphpadmin configuration"
          - cp /etc/dbconfig-common/phpmyadmin.conf /etc/dbconfig-common/phpmyadmin.conf.sav
          - cp /root/my_phpmyadmin.conf /etc/dbconfig-common/phpmyadmin.conf
          - dpkg-reconfigure --frontend=noninteractive phpmyadmin
          - phpenmod mbstring
          - echo "myphpadmin install complete" >> /root/log.txt
          - echo "VRA - myphpadmin install complete"

          - echo "VRA - modifying apache2 start file" >> /root/log.txt
          - echo "VRA - modifying apache2 start file"
          - echo "Include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf

          - echo "VRA - Reloading SSH and Apache2" >> /root/log.txt
          - echo "VRA - Reloading SSH and Apache2"
          - service ssh reload
          - systemctl reload apache2
          - systemctl restart apache2

67
NOTE

The above YAML code does not include the inputs, the YAML code for the MySQL server
machine, or the YAML code for the network. You can scroll your blueprint to view the code.

12. Click CLOSE.
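
The runcmd entries in this task give the deployed user passwordless sudo, rewrite the MySQL bind address from 127.0.0.1 to 0.0.0.0, grant ALL on *.* to the account from any host, and write $PASS into configuration files. As an added example (not part of the lab blueprint), the following shell function scans runcmd lines for those four patterns so that a blueprint can be reviewed before it is reused outside a lab. The finding IDs and function names are assumptions of this example, and the sample lines are copied from the listing in this task.

```shell
#!/bin/sh
# Added example, not part of the lab blueprint: flag runcmd entries that
# widen access or write secrets to disk. Finding IDs are labels chosen here.

# audit_runcmd FILE -> prints "FINDING-ID<TAB>line-number", one line per hit
audit_runcmd() {
    awk -v q="'" '
        # passwordless sudo appended to /etc/sudoers
        /NOPASSWD:[ ]*ALL/ && /\/etc\/sudoers/ { print "SUDO-NOPASSWD\t" NR }
        # MySQL bind address rewritten from loopback to all interfaces
        /sed / && /127\.0\.0\.1\/0\.0\.0\.0/ && /mysqld\.cnf/ { print "MYSQL-BIND-ANY\t" NR }
        # global privileges granted to an account usable from any host
        /GRANT ALL ON \*\.\*/ && $0 ~ ("@" q "%" q) { print "MYSQL-GRANT-ANYHOST\t" NR }
        # password variable expanded into a file on disk
        /\$PASS/ && />>/ { print "SECRET-IN-FILE\t" NR }
    ' "$1"
}

# count_findings FILE ID -> number of hits for one finding ID
count_findings() {
    audit_runcmd "$1" | awk -F '\t' -v id="$2" '$1 == id { n++ } END { print n + 0 }'
}

# Sample input: runcmd entries from the lab listing, one entry per line.
write_sample() {
    cat > "$1" <<'EOF'
- echo "user=$USER" >> /etc/mysql/mysql.conf.d/mysqld.cnf
- echo "password=$PASS" >> /etc/mysql/mysql.conf.d/mysqld.cnf
- echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
- sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/mysql.conf.d/mysqld.cnf
- systemctl restart mysql
- mysql -u root -e "GRANT ALL ON *.* TO '$USER'@'%' IDENTIFIED BY '$PASS'"
- mysql -u root -e "GRANT ALL ON *.* TO '$USER'@localhost IDENTIFIED BY '$PASS'"
- echo "dbc_dbpass=$PASS" >> /root/my_phpmyadmin.conf
EOF
}

# Run the audit over the sample and print the findings.
sample=$(mktemp "${TMPDIR:-/tmp}/runcmd.XXXXXX")
write_sample "$sample"
audit_runcmd "$sample"
rm -f "$sample"
```

The second GRANT statement, which is scoped to localhost, is deliberately not flagged.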

Task 4: Test and Delete the Deployment
You test and then delete your deployment to save the lab resources.

1. Go to Deployments.

2. Make sure that the phpMyAdmin-Local deployment is complete.

IMPORTANT

You have several cloud-config directives in your blueprint. Give your deployed systems time
to run these directives and to reboot.

3. After your deployment is complete, use the vSphere Client to open a remote console on
your deployed front-end server.

Ensure that you open a console on the front-end server and not on the MySQL server.

4. Log in to your deployed virtual machine (the front-end server) with the superadmin user
account and the VMware1! password.

5. Enter the mysql -u superadmin -p command to verify that the MySQL database is
installed and that the superadmin account is accessible.

If you have successfully installed a default MySQL server, the MySQL monitor must start.
You are prompted for your password. If your MySQL monitor does not start, verify your
YAML code for errors and redeploy.

6. Enter the use myvRAdb command to verify that the myvRAdb database was not created.

The myvRAdb database does not exist on the front-end server.

7. Close your remote console.

8. Return to the VMware Cloud Services browser tab.

9. Click the Deployments tab.

10. Record the machine names and IP addresses that are assigned to your two deployed
machines. __________
11. Open a new tab on your browser and go to http://<front end IP>.

NOTE

You must use http: and not https:.

The default page for the Apache2 web server must appear. If the page does not appear,
troubleshoot your blueprint.

12. Open a new tab on your browser and go to http://<front end IP>/phpmyadmin.

The default page for the phpMyAdmin front-end server must appear. If the page does not
appear, troubleshoot your blueprint.

13. Log in to phpMyAdmin with superadmin as the user name and VMware1! as the password.

If you cannot log in to phpMyAdmin with the superadmin user account, you must
troubleshoot your blueprint.

14. Close the phpMyAdmin browser tab and return to Cloud Assembly.

15. Delete the phpMyAdmin-Local deployment.

Lab 7 Configuring phpMyAdmin to Connect to the MySQL Server

Objective and Tasks


Create the YAML code to connect your front-end phpMyAdmin server to the back-end MySQL
server, and deploy the blueprint to test the YAML:

1. Upload the YAML Blueprint

2. Deploy Your Blueprint

3. Examine the YAML Code That Connects the Front-End phpMyAdmin Server to the Back-End MySQL Server

4. Test and Delete the Two Servers

5. Redeploy Your Blueprint with Nondefault Variables

Task 1: Upload the YAML Blueprint
You upload the YAML blueprint that deploys the front-end server and the back-end server and
connects them.

1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.

IMPORTANT

Verify that you log in to the vRA-Standard system, not the vRA-Clustered system.

a. Open Chrome.

If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and VMware1! as the password.

f. Click Cloud Assembly.

2. Go to Design > Blueprints.

3. Upload a blueprint.

Option Action

Name Enter Complete Two-Tier System in the text box.

Description Enter Front end server plus MySql server with phpMyAdmin installed and connected in the text box.

Project Select VMW-ENG.

Blueprint sharing in Service Broker Select Share only with this project.

Upload file Browse to C:\Materials\Blueprints\Answers\Complete-phpmyadmin-mySQL.yaml.

Task 2: Deploy Your Blueprint
You deploy the blueprint so that it is running when you are ready to test it.

1. Verify that you are located at Design > Blueprints.

2. Select the Complete Two-Tier System blueprint.

3. Deploy the Complete Two-Tier System blueprint to test it.

Option Action

Deployment Type Select Create a new-deployment (default).

Deployment Name Enter Two-Tier in the text box.

Blueprint Version Select Current Draft.

Inputs Use all the default values.

Task 3: Examine the YAML Code That Connects the Front-End phpMyAdmin Server to the Back-End MySQL Server
You examine the YAML code that connects your front-end phpMyAdmin server to the back-end
MySQL server.

1. Navigate to Design > Blueprints.

2. Open the Complete Two-Tier System blueprint for editing.

IMPORTANT

Do not change your YAML code.

3. The - echo commands in the runcmd section of the YAML code create the text
configuration file /root/my_phpmyadmin-host.conf on the front-end server.

The text file /root/my_phpmyadmin-host.conf that will be created when the Complete
Two-Tier System blueprint is deployed with the default inputs appears like this:

$i++;
$cfg['Servers'][$i]['host'] = '172.20.11.185';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysql';
$cfg['Servers'][$i]['compress'] = 'FALSE';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'superadmin';
$cfg['Servers'][$i]['password'] = 'VMware1!';

This text file is used to connect phpMyAdmin to a remote MySQL server. You can connect
several remote MySQL servers to phpMyAdmin. This vApp connects to only one remote
server. The /etc/phpmyadmin/config.inc.php file controls the remote MySQL
configuration of phpMyAdmin. The documentation for these parameters is available at
https://docs.phpmyadmin.net/en/latest/config.html.

Your configuration file must include the IP address that was assigned to the MySQL server.
The default MySQL server is mysql.vclass.local. You can override the default server and the
default IP by using your input variables when you deploy the blueprint.

4. Examine the code used to create the configuration file.

- echo "\$i++;" >> /root/my_phpmyadmin-host.conf
- echo "\$cfg['Servers'][\$i]['host'] = '${input.ipaddress1}';" >> /root/my_phpmyadmin-host.conf
- echo "\$cfg['Servers'][\$i]['port'] = '3306';" >> /root/my_phpmyadmin-host.conf
- echo "\$cfg['Servers'][\$i]['connect_type'] = 'tcp';" >> /root/my_phpmyadmin-host.conf
- echo "\$cfg['Servers'][\$i]['extension'] = 'mysql';" >> /root/my_phpmyadmin-host.conf
- echo "\$cfg['Servers'][\$i]['compress'] = 'FALSE';" >> /root/my_phpmyadmin-host.conf
- echo "\$cfg['Servers'][\$i]['auth_type'] = 'config';" >> /root/my_phpmyadmin-host.conf
- echo "\$cfg['Servers'][\$i]['user'] = '$USER';" >> /root/my_phpmyadmin-host.conf
- echo "\$cfg['Servers'][\$i]['password'] = '$PASS';" >> /root/my_phpmyadmin-host.conf

5. The cp command is used to back up the /etc/phpmyadmin/config.inc.php file
and copy the file to /etc/phpmyadmin/config.inc.php.sav.

6. The cat command is used to append /root/my_phpmyadmin-host.conf to the
/etc/phpmyadmin/config.inc.php file.

7. Examine the code to copy and create the files.

- echo "VRA - Adding remote host to phpmyadmin configuration file"
- echo "VRA - Adding remote host to phpmyadmin configuration file" >> /root/log.txt
- cp /etc/phpmyadmin/config.inc.php /etc/phpmyadmin/config.inc.php.sav
- cat /root/my_phpmyadmin-host.conf >> /etc/phpmyadmin/config.inc.php

8. Next, the cloudConfig runcmd directives part of the YAML code for the front-end cloud
machine must reboot the server after the multihost configuration file is overwritten.

All services start with the correct configurations.

• - echo 'VRA - Cloud-init is done about to order reboot'
• power_state
• delay: +02
• mode: reboot

- echo 'VRA - Cloud-init is done about to order reboot' >> /root/log.txt
- echo 'VRA - Cloud-init is done about to order reboot'
power_state:
  delay: +02
  mode: reboot

9. Click CLOSE to close your blueprint.
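
The echo lines in step 4 place $USER, $PASS, and the IP address input between single quotes in a PHP file, so a value that contains ' or \ changes the PHP that phpMyAdmin loads, and the config auth type keeps the password in that file. As an added example (not part of the lab blueprint), the following shell functions escape each value, create the file readable by its owner only, and can render a cookie variant that stores no credentials. The function names, the host character check, and the cookie option are assumptions of this example, and the demo password is constructed.

```shell
#!/bin/sh
# Added example, not the lab blueprint's code: write the phpMyAdmin server
# stanza so input values cannot break out of the PHP string literals.

# php_squote VALUE -> VALUE escaped for a PHP single-quoted string
# (each backslash is doubled, each single quote gets a leading backslash).
php_squote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
}

# pma_line KEY VALUE -> one $cfg['Servers'][$i][KEY] assignment
pma_line() {
    printf "\$cfg['Servers'][\$i]['%s'] = '%s';\n" "$1" "$(php_squote "$2")"
}

# render_pma_server HOST OUTFILE AUTH [USER PASS]
#   AUTH=config reproduces the lab file (credentials stored in the file).
#   AUTH=cookie stores no credentials; phpMyAdmin asks for them at login.
render_pma_server() (
    host=$1 out=$2 auth=$3 user=${4-} pass=${5-}
    # Accept only characters that can occur in an IP address or host name.
    case "$host" in
        ''|*[!A-Za-z0-9.:-]*) echo "rejected host value" >&2; exit 1 ;;
    esac
    case "$auth" in
        cookie) ;;
        config) [ -n "$user" ] || { echo "config auth needs a user" >&2; exit 1; } ;;
        *) echo "unsupported auth_type: $auth" >&2; exit 1 ;;
    esac
    umask 077          # a newly created file gets mode 0600
    rm -f "$out"       # make sure the file is created fresh with that mode
    {
        printf '%s\n' '$i++;'
        pma_line host "$host"
        pma_line port 3306
        pma_line connect_type tcp
        pma_line extension mysql
        pma_line compress FALSE
        pma_line auth_type "$auth"
        if [ "$auth" = config ]; then
            pma_line user "$user"
            pma_line password "$pass"
        fi
    } > "$out"
)

# Demo with a constructed password that contains a quote and a backslash.
demo=$(mktemp -d "${TMPDIR:-/tmp}/pma.XXXXXX")
render_pma_server 172.20.11.185 "$demo/config-auth.conf" config superadmin "pa'ss\\word"
render_pma_server 172.20.11.185 "$demo/cookie-auth.conf" cookie
cat "$demo/config-auth.conf" "$demo/cookie-auth.conf"
rm -rf "$demo"
```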

Task 4: Test and Delete the Two Servers
You test the deployment and then delete your deployment to save lab resources.

1. Navigate to Deployments.

2. Wait for your deployment to complete, then wait five more minutes.

Several cloud-config directives are available in your blueprint. Give the deployed system time
to run these directives and to reboot.

3. After your deployment is complete, use the vSphere Client to open a remote console on
your deployed front-end server.

You must open a console on the front-end server and not the MySQL server.

4. Log in to your deployed virtual machine (the front-end server) with the superadmin user
account and the VMware1! password.

5. Enter the mysql -u superadmin -p command to verify that the MySQL database is
installed and that the superadmin account is accessible.

If you have successfully installed a default MySQL server, the MySQL monitor should start.
You are prompted for your password. If your MySQL monitor does not start, verify your
YAML code for errors and redeploy.

6. Enter the use myvRAdb command to verify that the myvRAdb database is not created.

The myvRAdb database does not exist on the front-end server.

7. Close your remote console.

8. Return to the VMware Cloud Services browser tab.

9. Click the Deployments tab.

10. Record the machine names and IP addresses that are assigned to your two deployed
machines. ___________

11. Open a new tab on your browser and go to http://<front end IP>.

The default page for the Apache2 web server must appear. If the page does not appear,
troubleshoot your blueprint.

12. Open a new tab on your browser and go to http://<front end IP>/phpmyadmin.

The default page for the phpMyAdmin front-end server must appear. The option to connect
to the local host and a remote host must be available. If this page does not appear,
troubleshoot your blueprint.

13. Log in to phpMyAdmin.

Option Action

Username Enter superadmin in the text box.

Password Enter VMware1! in the text box.

Server Choice Enter the IP address of your MySQL server. By default this is 172.20.11.185.

If you cannot log in to phpMyAdmin with the superadmin user account, troubleshoot your
blueprint.

14. Verify that myvRAdb appears in the left pane as one of your databases.

This database is available in the mysql.vclass.local server and not in the frontend.vclass.local
server. This database verifies that your front-end server is connected to the remote MySQL
database.

15. Close the phpMyAdmin browser tab and return to Cloud Assembly.

16. Delete the Two-Tier deployment.

Task 5: Redeploy Your Blueprint with Nondefault Variables
You redeploy the blueprint to test using nondefault variables and then delete your deployment to
save lab resources.

1. Verify that you are on the Cloud Assembly tab in Design > Blueprints.

2. Select the Complete Two-Tier System blueprint.

3. Deploy the Complete Two-Tier System blueprint to test.

Option Action

Deployment Type Select Create a new-deployment (default).

Deployment Name Enter Non-Default phpMyAdmin in the text box.

Blueprint Version Select Current Draft.

MySQL IP Address Enter 172.20.11.191 in the text box.

MySQL hostname Enter newmysql in the text box.

Frontend hostname Enter secondfront in the text box.

Front End IP Address Enter 172.20.11.192 in the text box.

User name for the system administrator account Enter superroot in the text box.

Password for the superadmin account Enter mynewpassword1! in the text box.

4. After your deployment is complete, use the vSphere Client to open a remote console on the
deployed front-end server.

IMPORTANT

You must wait for at least five minutes after the deployment is complete to allow the
cloudConfig code time to finish and the systems time to reboot.

You must open a console on the front-end server and not on the MySQL server.

5. Log in to your deployed virtual machine (the front-end server) with the superroot user
account and the mynewpassword1! password.

6. Enter the mysql -u superroot -p command to verify that the MySQL database is
installed and that the superadmin account is accessible.

7. Close your remote console.

8. Return to the VMware Cloud Services browser tab.

9. Click the Deployments tab.

10. Record the system names and IP addresses that are assigned to your two deployed
machines. __________

11. Open a new tab on your browser and go to http://<front end IP>.

The default page for the Apache2 web server must appear. If this page does not appear,
troubleshoot your blueprint.

12. Open a new tab on your browser and go to http://<front end IP>/phpmyadmin.

13. Log in to phpMyAdmin.

Option Action

Username Enter superroot in the text box.

Password Enter mynewpassword1! in the text box.

Server Choice Enter the IP address of your MySQL server. You must enter 172.20.11.191 as the address for the MySQL Server on this deployment.

If you cannot log in to phpMyAdmin with the superadmin user account, troubleshoot your
blueprint.

14. Close the phpMyAdmin browser tab and return to Cloud Assembly.

15. Delete the Non-Default phpMyAdmin deployment.

Lab 8 Creating a Blueprint Using the NSX-T Data Center Components

Objective and Tasks


Design a multitier blueprint with NSX-T Data Center network components:

1. Create Network Profiles

2. Create Multitier Blueprint: Define Virtual Machines

3. Create Multitier Blueprint: Define Networks

4. Create Multitier Blueprint: Security Groups

5. Create Multitier Blueprint: Define Load Balancer

6. Connect Network Components to Virtual Machines

Task 1: Create Network Profiles
You create network profiles for the Web, App, and DB nodes.

1. Open Chrome.

2. Select vRA-Standard from the vRA favorites menu.

3. Click GO TO LOGIN PAGE.

4. Log in to the vclass.local domain.

• User name: Eng-CA-Admin

• Password: VMware1!

5. Click Cloud Assembly.

6. Click the Infrastructure tab.

7. In the left pane, click Network Profiles.

8. Click +NEW NETWORK PROFILE.

9. Specify details on the Summary tab.

Option Action

Account / region Select SA-vCSA-01 / SA-Datacenter.

Name Enter Net-Web in the text box.

Description Enter Network profile for Web Tier in the text box.

Capability tags Enter net:web in the text box.

10. Click the Network Policies tab.

11. Select Create an on-demand network from the Isolation policy drop-down menu.

12. Specify the web network settings.

Option Action

Transport Zone Select SA-TZ-Overlay.

Tier-0 logical router Select SA-T0-Router.

Edge cluster Select SA-Edge-Cluster.

CIDR Enter 192.168.1.0/24 in the text box.

Subnet size Select /28 (~14 IP Addresses).

IP range assignment Select Static and DHCP.

13. Click CREATE.

14. Click +NEW NETWORK PROFILE.

15. Specify the details on the Summary tab.

Option Action

Account / region Select SA-vCSA-01 / SA-Datacenter.

Name Enter Net-App in the text box.

Description Enter Network profile for App Tier in the text box.

Capability tags Enter net:app in the text box.

16. Click the Network Policies tab.

17. Select Create an on-demand network from the Isolation policy drop-down menu.

18. Specify the App network settings.

Option Action

Transport Zone Select SA-TZ-Overlay.

Tier-0 logical router Select SA-T0-Router.

Edge cluster Select SA-Edge-Cluster.

CIDR Enter 192.168.2.0/24 in the text box.

Subnet size Select /28 (~14 IP Addresses).

IP range assignment Select Static and DHCP.

19. Click CREATE.

20. Click +NEW NETWORK PROFILE.

21. Specify the details on the Summary tab.

Option Action

Account / region Select SA-vCSA-01 / SA-Datacenter.

Name Enter Net-DB in the text box.

Description Enter Network profile for DB Tier in the text box.

Capability tags Enter net:db in the text box.

22. Click the Network Policies tab.

23. Select Create an on-demand network from the Isolation policy drop-down menu.

24. Specify the DB network settings.

Option Action

Transport Zone Select SA-TZ-Overlay.

Tier-0 logical router Select SA-T0-Router.

Edge cluster Select SA-Edge-Cluster.

CIDR Enter 192.168.3.0/24 in the text box.

Subnet size Select /28 (~14 IP Addresses).

IP range assignment Select Static and DHCP.

25. Click CREATE.

Task 2: Create the Multitier Blueprint: Define Virtual Machines
You create a multitier blueprint and define Web, App, and DB virtual machines.

1. Click the Design tab.

2. Click +NEW.

Option Action

Name Enter NSX-T_3-Tier in the text box.

Description Enter 3-Tier blueprint using NSX-T constructs in the text box.

Project Select VMW-FIN.

3. Click CREATE.

4. In the left pane, drag Cloud Agnostic Machine to the design canvas.

5. Drag two additional instances of Cloud Agnostic Machine to the design canvas.

6. Click the first Cloud_Machine_1 in the design canvas.

7. In the YAML editor, remove Cloud_Machine_1 and enter VM-Web.

You renamed the VM display name. This name is added as a prefix in vCenter Server.

8. Change the names for the App and DB nodes.

a. Remove Cloud_Machine_2 and enter VM-App for the second VM.


b. Remove Cloud_Machine_3 and enter VM-DB for the third VM.

9. In the YAML editor, select the image and flavor for the VM-Web node.

Option Action

image Select VMW-Web.

flavor Select VMW-Small.

10. Select the image and flavor for the VM-App node.

Option Action

image Select VMW-App.

flavor Select VMW-Small.

11. Select the image and flavor for the VM-DB node.

Option Action

image Select VMW-DB.

flavor Select VMW-Small.

Your VM configuration in the blueprint appears similar to the screenshot.

12. Leave the design canvas open for the next task.

Task 3: Create the Multitier Blueprint: Define Networks
You define networks for the Web, App, and DB virtual machines.

1. In the left pane, drag NSX Network to the design canvas.

2. Drag two additional instances of NSX Network to the design canvas.

3. Click the first Cloud_NSX_Network_1 in the design canvas.

4. In the YAML editor, remove Cloud_NSX_Network_1.

5. Enter Net-Web.
You renamed the network display name. This name is added as a prefix in NSX-T Data
Center.

6. Change the names for App and DB networks.

a. Remove Cloud_NSX_Network_2 and enter Net-App for the second network.

b. Remove Cloud_NSX_Network_3 and enter Net-DB for the third network.

7. Change the Net-Web network profile.

a. Remove existing from networkType.

b. Select the routed network profile.

8. Add the constraint tag to the Net-Web network.

You must point your mouse to the end of routed.

a. Press Enter and select constraints.

b. Press Enter and select the net:web tag from the list.

9. Change the Net-App and Net-DB network profiles from existing to routed.

10. Add the constraint tags for the Net-App and Net-DB networks.

a. Select the net:app constraint tag for the Net-App network.

b. Select the net:db constraint tag for the Net-DB network.

Your network configuration in the blueprint appears similar to the screenshot.

11. Click CLOSE to exit from the design canvas.

Task 4: Create the Multitier Blueprint: Define Security Groups
You define security groups for the Web, App, and DB virtual machines.

1. Click the Infrastructure tab.

2. In the left pane, click Network Profiles.

3. Click Open for the Net-Web network profile.

4. Click the Security Groups tab.

5. Click Add Security Group.

6. Select the VMware-Common-Web security group.

You added an existing security group created by the NSX-T Enterprise Administrator. The rules
defined for this security group are applied to all the deployed VMs using the Net-Web
network profile.

7. Click SAVE.

8. Click the Design tab.

9. Click the NSX-T_3-Tier blueprint to open the design canvas.

10. In the left pane, drag Cloud Agnostic Security Group to the design canvas.

11. Drag two additional instances of Security Groups to the design canvas.

12. Click the first Cloud_SecurityGroup_1 in the design canvas.

13. In the YAML editor, remove Cloud_SecurityGroup_1.


14. Enter SG-Web.

You renamed the security group display name. This name is added as a prefix in NSX-T Data
Center.

15. Change the names for the App and DB security groups.

a. Remove Cloud_SecurityGroup_2 and enter SG-App for the second security group.

b. Remove Cloud_SecurityGroup_3 and enter SG-DB for the third security group.

16. Change the SG-Web securityGroupType.

a. Remove existing from the securityGroupType.

b. Select new.

You can deploy this setting change in on-demand security groups.


17. Change the SG-App and SG-DB securityGroupType from existing to new.

18. From the SG-Web security group, remove the constraints: [] line.

19. Remove constraints: [] for the SG-App and SG-DB security groups.

The security group configuration in the blueprint appears similar to the screenshot.

20. Leave the design canvas open for the next task.

Task 5: Create the Multitier Blueprint: Define the Load Balancer
You define the load balancer for the web virtual machines.

1. In the left pane, drag NSX Load Balancer to the design canvas.

2. Click Cloud_NSX_LoadBalancer_1 in the design canvas.

3. In the YAML editor, remove Cloud_NSX_LoadBalancer_1.

4. Enter LB-Web.
You renamed the load balancer display name. This name is added as a prefix in NSX-T Data
Center.

5. Remove [] from routes:.

6. Press Enter.

7. Select Protocol.

8. Select TCP.

9. Press Enter.

10. Select Port.

11. Enter 443.

You must not enter instanceProtocol or instancePort in this case. The specified protocol and
port from the previous step are used for the instances.

12. In the VM-Web section, point the mouse after properties:.

13. Press Enter.

14. Select Count.

15. Enter 2.

The load balancer configuration in the blueprint appears similar to the screenshot.

16. Leave the design canvas open for the next task.

Task 6: Connect Network Components to Virtual Machines
You connect networks, security groups, and the load balancer to the Web, App, and DB nodes.

1. Connect the Net-Web network to the VM-Web virtual machine.

a. Click the Net-Web network in the design canvas.

b. Click the circle and drag the line that appears with the VM-Web virtual machine.

2. Connect the Net-App network to the VM-App virtual machine.

3. Connect the Net-DB network to the VM-DB virtual machine.

4. Connect the SG-Web security group to the VM-Web virtual machine.

a. Click SG-Web network in the design canvas.

b. Click the circle and drag the line that appears with the VM-Web virtual machine.

c. Select the NIC0: Net-Web adapter.

d. Click SAVE.

5. Connect the SG-App security group to the VM-App virtual machine.

6. Connect the SG-DB security group to the VM-DB virtual machine.

7. Connect the LB-Web load balancer to the VM-Web virtual machine.

a. Click the LB-Web load balancer in the design canvas.

b. Click the circle and drag the line that appears with the VM-Web virtual machine.

8. Connect the LB-Web load balancer to the Net-Web network.

a. Click the LB-Web load balancer in the design canvas.

b. Click the circle and drag the line that appears with the Net-Web network.

The topology appears similar to the screenshot.

9. Click TEST.

You must not see any errors. If any errors appear, review the message and revisit your
configuration from previous tasks.

10. Click CLOSE.

Lab 9 Deploying the Blueprint and Validating the NSX-T Data Center Objects

Objective and Tasks


Deploy the 3-tier blueprint, and then review and validate the deployed NSX-T Data Center objects:

1. Deploy the 3-Tier Blueprint

2. Review the Deployed NSX-T Data Center Objects

3. Validate the Application and Load Balancer

4. Validate the Security Rules

5. Save the Lab Resources

Task 1: Deploy the 3-Tier Blueprint
You deploy the three-tier blueprint with the NSX-T Data Center components.

1. Open Chrome.

2. Select vRA-Standard from the vRA favorites menu.

3. Click GO TO LOGIN PAGE.

4. Log in to the vclass.local domain.

• User name: Eng-CA-Admin

• Password: VMware1!

5. Click Cloud Assembly.

6. Click the Design tab.

7. Select the NSX-T_3-Tier blueprint and click Deploy.

8. Specify the deployment.

Option Action

Deployment Name Enter FIN-NSX-T_3-Tier in the text box.

Blueprint Version Select Current Draft.

Description Enter 3-Tier blueprint using NSX-T constructs. in the text box.

9. Click DEPLOY.

You must wait for the deployment to finish. This step might take up to 5 minutes.

Task 2: Review the Deployed NSX-T Data Center Objects
You log in to the NSX-T Data Center policy manager to validate the deployed components.

1. Open a new Chrome tab and select NSX Manager from the Infrastructure favorites menu.

2. Log in to the NSX-T Policy Manager.

• User name: admin

• Password: VMware1!VMware1!

3. Click MANAGER in the top-right corner.

4. Click the Networking tab.

5. Click Logical Switches in the left pane.

Q1. Do you see three networks created from Web, App, and DB profiles?
A1. Yes.

Q2. In the Logical ports column, why do you see four ports for the Net-Web logical
switch?
A2. The blueprint has deployed two web nodes.

6. Click Tier-1 Logical Routers in the left pane.

Q3. Do you see three Tier-1 routers for Web, App, and DB VMs?
A3. Yes.

Q4. Are the Tier-1 routers connected to the Tier-0 router?
A4. Yes.

7. Click the Inventory tab.

8. Click Groups in the left pane.

Q5. Do you see three on-demand security groups created for Web, App, and DB
VMs?
A5. Yes.

Q6. Why do you see two Direct Members for the SG-Web security Group?
A6. The blueprint has deployed two web nodes.

NSX Administrator creates the VMware-Common-Web security group. vRealize Automation
discovers the group during the data collection process. You used the VMware-Common-Web
security group in the Net-Web network profile.

9. Click the Security tab.

10. Click Distributed Firewall in the left pane.

The Web-Block-Rule is a security rule written by NSX-T Administrator to block certain traffic
to all the web nodes.

Q7. What is the Destination defined for Web-Block-Rule?
A7. VMware-Common-Web security group.

11. Click the Networking tab.

12. Click Load Balancing in the left pane.

Q8. Do you see the LB-Web prefix assigned for the load balancer?
A8. Yes.

13. Click the Virtual Servers tab.

Q9. What is the protocol and port assigned to the virtual server?
A9. TCP 443.

14. Record the IP Address assigned to the virtual server. _______

The default IP Address is 192.168.1.2. If you see a different IP address, record the IP address
as you need this information for the next task.

15. Log out of the admin user account.

16. Close the current NSX-T Policy Manager tab.

Task 3: Validate the Application and Load Balancer
You validate the deployed three-tier application and the load balancer behavior.

1. Open a new Chrome tab.

2. Enter the URL in the address bar.


https://192.168.1.2/cgi-bin/app.py
If the virtual server IP from the previous task is different, replace 192.168.1.2 with the virtual
server IP address.

The Customer Database Access page similar to the screenshot appears.

3. Go to the vRealize Automation console.

If you are logged out, log in using the credentials.

• User name: Eng-CA-Admin

• Password: VMware1!

4. Click Cloud Assembly.

5. Click the FIN-NSX-T_3-Tier deployment.

6. Click the VM-Web virtual machine from the topology tab.

7. In the right pane, click ACTIONS for the VM-Web[0] VM.

8. Click Power Off and click SUBMIT.

9. Click the vertical ellipsis in the top-right corner of Chrome and click New incognito window.

10. Enter the URL in the address bar.

https://192.168.1.2/cgi-bin/app.py
Because one of the web nodes is powered off, the load balancer redirects the requests to the
next available node, which validates the function of the load balancer.

11. Close the Chrome tab.

Task 4: Validate the Security Rules
You validate the security rules for the web nodes.

1. Open the command prompt from the student desktop.

2. Verify the ICMP reply for the web node.


ping 192.168.1.10
ICMP replies do not appear from the web node.

3. Start the Putty application on the student desktop.

4. Enter 192.168.1.10 in the Host Name text box and click Open.

5. Log in to the web node.

• User name: root

• Password: VMware1!

Q1. You cannot ping the Web node but you can use SSH. Why?
A1. Security Rule exists in NSX-T Data Center to block the ICMP traffic.

6. In the command prompt window, enter the command.

telnet 192.168.1.10 80
7. In the command prompt window, enter the command.

telnet 192.168.1.10 443


8. Press Ctrl+C to exit.

Q2. You cannot access port 80. You are able to access port 443. Why?
A2. Security Rule is in NSX-T Data Center to block the HTTP traffic.

9. Go to the NSX-T Policy Manager Chrome tab.

• User name: admin

• Password: VMware1!VMware1!

10. Click Manager in the top-right corner.

11. Click the Security tab.

12. Click Distributed Firewall in the left pane.

The Web-Block-Rule for the VMware-Common-Web security group must explain the
behavior of not being able to access certain ports on the web node.

13. Log out from NSX-T Policy Manager and close the Chrome window.

14. Close the command prompt window.

15. Close the SSH session to the web node.

Task 5: Save the Lab Resources
You destroy your multitier deployment to free resources.

1. In the vRealize Automation console, click the Deployments tab.

2. Click ACTIONS next to FIN-NSX-T_3-Tier.

3. Click Delete.

4. Click SUBMIT.

Lab 10 Using vRealize Orchestrator to Create a DNS Entry When vRealize Automation Deploys a System

Objective and Tasks


Use a vRealize Orchestrator workflow to add a DNS entry when vRealize Automation deploys a
system:

1. Prepare Your PowerShell Host

2. Connect Your PowerShell Endpoint in vRealize Orchestrator

3. Import and Modify a YAML Blueprint to Create an Ubuntu VM with a Static IP address

4. Import a vRealize Orchestrator Package

5. Wait for the Data Collection

6. Create a Subscription

7. Deploy Your Ubuntu System

Task 1: Prepare Your PowerShell Host
You use PowerShell to run a command that adds a DNS entry to the DNS host. To simplify the
connection of vRealize Orchestrator to PowerShell, you must first open security on the
PowerShell host.

NOTE

To simplify this lab, you reduce the security on the PowerShell host.

1. Click the Remote Desktop Connection Manager icon.

2. Double-click DC (vclass.local).

3. On the dc.vclass.local desktop, open a command prompt.

4. Enter winrm quickconfig.

Several default settings are set in Winrm.

5. Enter winrm set winrm/config/service/auth @{Basic="true"}.

A list of configuration settings, including Basic = true, appears on Winrm.

You must enter braces {} and not parentheses with the Basic="true" parameter.


6. Enter winrm set winrm/config/service @{AllowUnencrypted="true"}.

A list of configuration settings, including AllowUnencrypted = true, appears on Winrm.

You must enter braces {} and not parentheses with the Basic="true" parameter.

Unencrypted communications indicate that vRealize Orchestrator can use the HTTP protocol
instead of HTTPS to communicate with the PowerShell host. Encrypted communications
require an exchange of valid digital certificates.

7. Close the command prompt on the dc.vclass.local desktop.

8. Click the Windows Start menu icon on the DC server.

9. Click the Windows PowerShell ISE icon.

10. Enter set-executionpolicy bypass and click Yes.

A bypass execution policy in PowerShell allows vRealize Orchestrator to send commands to
this Windows server without requiring scripts to be signed with digital certificates. This policy
is acceptable for lab or test environments. Production systems must always use valid digital
certificates that trusted certificate authorities sign.

11. Close the Windows PowerShell ISE pane.

12. Close Remote Desktop Connection Manager.

Task 2: Connect Your PowerShell Endpoint in vRealize Orchestrator
You connect vRealize Orchestrator to the PowerShell host so that workflows can run the
PowerShell commands.

1. (Optional) Log in to vRealize Orchestrator and log in to Cloud Assembly.

Use this step only if you do not have two browser tabs that are currently logged in to
vRealize Orchestrator and Cloud Assembly.

a. Start Chrome and open a new tab for vRealize Orchestrator.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

g. Open a new tab in the Chrome browser.

h. Use the shortcut to go to vRA > vRA-Standard.

i. Click GO TO LOGIN PAGE.

j. Click Orchestrator.

k. Verify that you have two Chrome tabs open.

One tab is for Cloud Assembly and the other tab is for the vRealize Orchestrator Client.

l. Click the Orchestrator Client tab.

2. Go to Library > Workflows.

3. Enter add in the Filter text box.

4. Enter powershell in the Filter text box to give a second filter.

Two filters are created. The Add a PowerShell host workflow appears.

You can click anywhere above the filter text box to remove the third filter text box.

5. Click RUN in the Add a PowerShell host workflow catalog card.

6. Run the workflow.

Option Action

Powershell Host Name Enter DomainController in the text box.

Host / IP Enter dc.vclass.local in the text box.

Port Enter 5985 in the text box.

7. After you enter the Name, Host or IP, and Port information, click the User Credentials tab.

8. Enter the User Credentials information.

Option Action

Session mode Leave at the default setting of Shared Session.

User name Enter administrator@vclass.local in the text box.

Password Enter VMware1! in the text box.

You must use the administrator@vclass.local account and not the
administrator@vsphere.local account. You are connecting to the Windows domain
controller.

9. Click RUN.

10. Verify that the Add a PowerShell Host workflow runs successfully and ends with the
Completed status.

11. If your workflow run fails, click RUN AGAIN and verify your inputs.

12. After your workflow runs, click CLOSE.

Task 3: Import and Modify a YAML Blueprint That Creates an Ubuntu
VM with a Static IP Address
You import a blueprint that creates an Ubuntu system and sets a static IP address. You modify
the blueprint by adding custom properties.

NOTE

This lab deploys an Ubuntu system with a static IP by using a hard-coded Netplan
configuration file.

This technique is used in this lab to send the IP address and host name to vRealize
Orchestrator easily.

Using a hard-coded Netplan configuration file to set the static IP address is not a best
practice. The best practice to set a static IP address in a YAML blueprint with cloudConfig is
to use a STATIC directive and prepare your Ubuntu template using the information in
https://docs.vmware.com/en/vRealize-Automation/8.0/Using-and-
Managing-Cloud-Assembly/GUID-57D5D20B-B613-4BDE-A19F-223719F0BABB.html.

1. Click the Cloud Assembly tab to go to Cloud Assembly.

2. Go to Design > Blueprints.

3. Click UPLOAD and upload the blueprint information.

Option Action

Name Enter Ubuntu-Add-DNS in the text box.

Description Enter An Ubuntu server with a static IP address that will use vRealize Orchestrator to add a DNS entry in the text box.

Project Select VMW-ENG in the text box.

Blueprint sharing in Service Broker Select Share only with this project.

Upload file C:\Materials\Blueprints\Ubuntu-Add-DNS.yaml

4. Click UPLOAD.

5. Click Ubuntu-Add-DNS to open the blueprint for editing.

6. Add the following items in the YAML code after the flavor: VMW-Small line.

Setting Value

userDefinedString: '${input.hostname1}'

userDefinedNumber: '${input.ipaddress}'

7. Change component_Id from Cloud_Machine_1 to DNS-VM.

a. Place the cursor before the colon in Cloud_Machine_1.

b. Press Backspace to delete Cloud_Machine_1.

c. Enter DNS-VM: in the text box.

8. Verify that your YAML code matches the output.

9. Test your blueprint with the values.

Setting Value

hostname Ubuntu185

ipaddress 172.20.11.185

If your blueprint fails the test, correct the syntax problems.

10. Click CLOSE.

Task 4: Import a vRealize Orchestrator Package
You import a vRealize Orchestrator package. The workflow in this package receives the custom
properties from vRealize Orchestrator and uses them to add a DNS entry to the DNS server.

1. Click the Orchestrator Client tab to go to vRealize Orchestrator.

2. Go to Assets > Packages.

3. Click IMPORT and import the C:\Materials\vRO\vRA-Add-DNS.package file.

4. If you are prompted to, click TRUST.

5. Click IMPORT.

6. Go to Library > Workflows after you successfully import the file.

7. Click OPEN on the vRA-Add-DNS catalog card to open the workflow for editing.

8. Click Variables.

9. Click Host.

10. Click the Value text box.

11. Expand PowerShell and select DomainController.

12. Click SELECT and click SAVE.

13. Click VALIDATE.

14. When the Validation is successful message appears, click CLOSE.

If the validation fails, reset the host variable.

15. Click Schema and review your workflow.

The schema has three elements: Examine inputProperties, Build Command, and Invoke a
PowerShell script.

Your code in the Examine inputProperties element assigns userDefinedString to the
hostName variable and userDefinedNumber to the ipAddress variable. Both of these
variables (including userDefinedNumber) are string variables.

// Extract two user-defined custom properties.
userDefinedString = customProperties.get("userDefinedString");
userDefinedNumber = customProperties.get("userDefinedNumber");

// Use the user-defined custom properties.
ipAddress = userDefinedNumber;
hostName = userDefinedString;

This script uses the userDefinedNumber custom property, which is a variable set in
your blueprint YAML code, to get the IP address. You can also get the actual IP address that is
assigned to a virtual machine from the addresses input property, for example with the JavaScript
code ipaddr = inputProperties.get('addresses');. The addresses input property is an array. If
only one IP address is assigned to the virtual machine, inputProperties.get('addresses');
returns that address. If multiple IP addresses are assigned, the addresses property contains a
subarray of values (a comma-separated list of IP addresses) that you must parse.

The inputs and outputs from the Examine InputProperties element appear.

The Build Command element creates a PowerShell command that includes hostName and
ipAddress.

pshellCommand = cmdletName + ' -Name "' + hostName + '" -ZoneName "' + zoneName + '" -CreatePtr -IPv4Address "' + ipAddress + '"';

The cmdletName and zoneName variables are hardcoded in the workflow as
Add-DnsServerResourceRecordA and vclass.local respectively. You can view
them if you click the Variables tab for the entire workflow.

This text is all concatenated into a single string that is loaded to the pshellCommand
variable and output to the final element.

The final element in the workflow is a standard vRealize Orchestrator element that starts a
PowerShell script on a preconnected PowerShell host. For example:

Add-DnsServerResourceRecordA -Name "Ubuntu192" -ZoneName "vclass.local" -CreatePtr -IPv4Address "172.20.11.192"

16. Click SAVE.

17. Click SAVE to answer Do you want to save the changes you made?

18. Click CLOSE.
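
Step 15 notes that the addresses input property can hold a single address or nested lists of addresses that you must parse. The following added example (not part of the lab's vRA-Add-DNS package) shows one way to reduce any of those shapes to a single validated IPv4 address. The function names and sample values are constructed for illustration, and handling of comma-separated strings is an assumption about how a list may arrive.

```javascript
// Added example, not code from the lab package. Plain ES5, so the same
// functions run in a vRealize Orchestrator scriptable task or in Node.js.

var OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
var IPV4_RE = new RegExp("^" + OCTET + "(\\." + OCTET + "){3}$");

// True for a dotted-quad IPv4 address with every octet in 0..255.
// Leading zeros are rejected to avoid octal ambiguity.
function isIPv4(s) {
    return typeof s === "string" && IPV4_RE.test(s);
}

// Flatten the addresses value into a flat list of trimmed strings.
// Handles a single string, a flat array, nested subarrays, and
// comma-separated lists inside any string element.
function flattenAddresses(value) {
    var out = [];
    if (value === null || value === undefined) { return out; }
    if (Array.isArray(value)) {
        for (var i = 0; i < value.length; i++) {
            out = out.concat(flattenAddresses(value[i]));
        }
        return out;
    }
    var parts = String(value).split(",");
    for (var j = 0; j < parts.length; j++) {
        var p = parts[j].replace(/^\s+|\s+$/g, "");
        if (p.length > 0) { out.push(p); }
    }
    return out;
}

// Return the first IPv4 address found, skipping IPv6 and malformed entries.
// Throws instead of returning a bad value, so the workflow fails before
// any DNS record is written.
function firstIPv4(addresses) {
    var flat = flattenAddresses(addresses);
    for (var i = 0; i < flat.length; i++) {
        if (isIPv4(flat[i])) { return flat[i]; }
    }
    throw new Error("No IPv4 address found in the addresses property");
}

// Constructed sample shapes (not captured from a real deployment).
var SAMPLE_SINGLE = ["172.20.11.192"];
var SAMPLE_NESTED = [["fe80::250:56ff:fe9a:1", "172.20.11.192"], ["10.10.10.5"]];
var SAMPLE_CSV = "fe80::250:56ff:fe9a:1, 172.20.11.192";

// In the Examine inputProperties element this would be used as:
//   ipAddress = firstIPv4(inputProperties.get("addresses"));
```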

Task 5: Wait for the Data Collection
You wait for the data collection to make sure that Cloud Assembly is aware of the new vRealize
Orchestrator workflow.

1. Go to the Cloud Assembly tab on Chrome.

2. Go to Infrastructure > Connections > Integrations.

3. Click Open on the embedded-VRO card.

4. Wait for the data collection.

A status message that indicates that data collection is complete appears.

Data collection occurs every 10 minutes.

Task 6: Create a Subscription
You create a subscription to run a vRealize Orchestrator workflow after the virtual machine is
provisioned.

1. Verify that you are on the Cloud Assembly browser tab and logged in to Cloud Assembly.

2. Click Extensibility.

3. Go to Subscriptions and click +NEW SUBSCRIPTION.

4. Enter Add Host to DNS in the Name text box.

5. Enter Add the Hostname and IP address of a deployed vRA machine to the DNS server in the
Description text box.

6. Click +ADD in Event Topic.

7. Click Compute post provision and click SELECT.

8. Move the Condition slider to the right to turn on filtering.

9. Enter event.data.componentId == 'DNS-VM' in the Condition text box.

componentId is the name of the component in the YAML blueprint.

The event.data filter is case-sensitive. You must enter it correctly. Only the letter
I in Id is capitalized. All the other letters of event.data.componentId are
lowercase. The component name is also case-sensitive. DNS-VM is uppercase.

10. Click +ADD in Action/workflow.

11. Select vRO Workflow in the Runnable type drop-down menu.

12. Enter DNS in the Search text box and select the vRA-Add-DNS workflow.

13. Click SELECT.

14. Verify that the Blocking slider is in the default left position (no blocking).

15. Verify that the Subscription scope slider is in the default right position to turn on Any project.

16. Click SAVE.

Task 7: Deploy Your Ubuntu System
You deploy the blueprint to test your subscription and workflow.

1. Go to Design > Blueprints.

2. Select the Ubuntu-Add-DNS blueprint.

3. Deploy the Ubuntu-Add-DNS blueprint.

Option Action

Deployment Type Select Create a new-deployment (default).

Deployment Name Enter DNS-Test in the text box.

Blueprint Version Select Current Draft.

Inputs Enter Ubuntu92 for the host name and 172.20.11.192 for the IP address.

You must click NEXT to enter the Inputs.

4. Click DEPLOY when you have entered your inputs.

5. Click CLOSE.

6. Wait for your deployment to complete.

The deployment takes about 10 minutes.

7. After your deployment is complete, click the Orchestrator Client tab to go to vRealize
Orchestrator.

8. Go to Activity > Workflow Runs.

9. Locate the vRA-Add-DNS workflow run in the recent workflows that you have run.

If the vRA-Add-DNS workflow run does not appear, your subscription has failed to call the
workflow. You must verify your subscription settings, including the
event.data.componentId filter.

10. Open the vRA-Add-DNS workflow run.

You can ignore the red time indicator on the part of the schema that calls the PowerShell
command. The red indicator indicates the part of the workflow that ran slowly. The call to
PowerShell takes less than 30 seconds to run.

11. Verify that the vRA-Add-DNS workflow status is Completed.

If the Status appears as Failed, a problem with your workflow exists. Verify that you set
the PowerShell host correctly.

12. Click the Logs tab.

13. Verify your log.

The log must include the host name and the IP address sent to PowerShell.

14. Click CLOSE.

15. Use the Remote Desktop Connection Manager to log in to the Domain Controller
(dc.vclass.local).

16. Use the DNS Manager icon on the dc.vclass.local toolbar to open the DNS Manager.

17. Expand the vclass.local forward lookup zone and verify that the Ubuntu92 host name with
the 172.20.11.192 IP address exists.

18. Click the refresh icon in the DNS Manager view to view the new DNS entry.

19. Close Remote Desktop Connection Manager.

20. Click the Cloud Assembly tab to go to Cloud Assembly.

21. Do not delete the DNS-Test deployment as you need it for the next lab.

Lab 11 Using vRealize Orchestrator to
Delete a DNS Entry When vRealize
Automation Deploys a System

Objective and Tasks


Use the vRealize Orchestrator workflow to delete a DNS entry when vRealize Automation
deploys a system:

1. Import and Modify a vRealize Orchestrator Workflow

2. Wait for the Data Collection

3. Create a Subscription

4. Delete the Ubuntu System

Task 1: Import and Modify a vRealize Orchestrator Workflow
You import and modify a workflow from a vRealize Orchestrator package. Your new workflow
deletes a DNS entry.

1. Click the Orchestrator Client tab to go to vRealize Orchestrator.

2. Go to Assets > Packages.

3. Click IMPORT and browse to the C:\Materials\vRO\vRO Packages\com.vmware.vRAAFT-Research.package file.

IMPORTANT

You import only one workflow. Do not import the entire package.

4. Click OPEN.

5. Click TRUST.

6. Click the Package elements tab.

7. Double-click the select box by Name to select and then deselect all elements.

IMPORTANT

You must verify that all the elements are deselected.

8. Select the vRA-Delete-DNS workflow element.

9. Click the General tab and click IMPORT.

10. Go to Library > Workflows.

11. Search for the vRA-Delete-DNS workflow that you imported.

12. Click OPEN on the vRA-Delete-DNS catalog card and open it for editing.

13. Click Variables.

14. Click the cmdletName variable and verify that the Value is set to
Remove-DnsServerResourceRecord.

The cmdletName variable is case-sensitive. Dns is not DNS.

The end of cmdletName does not have the letter A.

15. Click SAVE to save the cmdletName value if you made any changes.

If you do not make any changes, click CANCEL.

16. Click Host.

17. Click the Value text box.

18. Expand PowerShell and select DomainController.

19. Click SELECT and click SAVE to save the host variable value.

20. Click Schema.

21. Click the Build Command schema element.

22. Click the Scripting tab.

23. Verify that your script matches the following code.

pshellCommand = cmdletName + ' -Name "' + hostName + '" -ZoneName "' + zoneName + '" -Force -RRType ' + '"A"';
System.log("pshellCommand is " + pshellCommand);

The text is concatenated to a single string that is loaded to the pshellCommand variable
and output to the final element.

For example, you can provide the following command to PowerShell:

Remove-DnsServerResourceRecord -Name "Ubuntu192" -ZoneName "vclass.local" -Force -RRType "A"

You enter the script manually. You must create and understand your own scripts. However,
if you cannot get the correct script code, use the
C:\Materials\vRO\Build_Command_Script_Delete_DNS.txt file to copy
and paste the code. If you copy and paste, you have to enter
System.log("pshellCommand is " + pshellCommand); in the second line
of the script.

NOTE

You must not make any change to this script.

24. Click VALIDATE and correct any errors that appear.

25. Click CLOSE on the validation message.

26. Click CLOSE.

27. Click SAVE and click SAVE on the Do you want to save the changes you
made? message.
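
The Build Command scripts in Lab 10 and in this task concatenate hostName, zoneName, and ipAddress directly into a PowerShell command line, so whatever reaches those variables from the blueprint inputs is parsed as PowerShell on the domain controller. The following added example (not code from the lab packages) validates each value against an allow-list and emits single-quoted literals before the string is passed to the Invoke a PowerShell script element. The function names are hypothetical, and the cmdlet names are pinned inside the functions instead of being read from cmdletName.

```javascript
// Added example, not the code shipped in vRA-Add-DNS or vRA-Delete-DNS.
// Plain ES5, so it runs in a vRO scriptable task or in Node.js.

var OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
var IPV4_RE = new RegExp("^" + OCTET + "(\\." + OCTET + "){3}$");
// One DNS label: letters, digits, hyphen; 1-63 characters; no leading or
// trailing hyphen.
var LABEL_RE = /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

function isHostLabel(s) {
    return typeof s === "string" && LABEL_RE.test(s);
}

// A zone name is one or more labels joined by dots, at most 253 characters.
function isZoneName(s) {
    if (typeof s !== "string" || s.length === 0 || s.length > 253) { return false; }
    var labels = s.split(".");
    for (var i = 0; i < labels.length; i++) {
        if (!LABEL_RE.test(labels[i])) { return false; }
    }
    return true;
}

function isIPv4(s) {
    return typeof s === "string" && IPV4_RE.test(s);
}

// Wrap a value as a PowerShell single-quoted literal. Single-quoted strings
// are not expanded ($var, $(...), backtick escapes); the only special
// character is the quote itself, which is doubled. PowerShell also accepts
// the typographic quotes U+2018, U+2019, U+201A and U+201B as single quotes.
function psQuote(s) {
    return "'" + String(s).replace(/['\u2018\u2019\u201A\u201B]/g, "$&$&") + "'";
}

// Fail the workflow run instead of sending a doubtful value to the host.
function requireValid(ok, field, value) {
    if (!ok) {
        throw new Error("Rejected " + field + ": " + JSON.stringify(value));
    }
}

// Lab 10: command that adds the A record and its PTR record.
function buildAddCommand(hostName, zoneName, ipAddress) {
    requireValid(isHostLabel(hostName), "hostName", hostName);
    requireValid(isZoneName(zoneName), "zoneName", zoneName);
    requireValid(isIPv4(ipAddress), "ipAddress", ipAddress);
    return "Add-DnsServerResourceRecordA -Name " + psQuote(hostName) +
        " -ZoneName " + psQuote(zoneName) +
        " -CreatePtr -IPv4Address " + psQuote(ipAddress);
}

// Lab 11: command that removes the A record.
function buildRemoveCommand(hostName, zoneName) {
    requireValid(isHostLabel(hostName), "hostName", hostName);
    requireValid(isZoneName(zoneName), "zoneName", zoneName);
    return "Remove-DnsServerResourceRecord -Name " + psQuote(hostName) +
        " -ZoneName " + psQuote(zoneName) +
        " -Force -RRType " + psQuote("A");
}

// In the Build Command element this would be used as:
//   pshellCommand = buildRemoveCommand(hostName, zoneName);
```

A rejected value raises an error in the Build Command element, so the run shows as Failed in Activity > Workflow Runs and nothing is sent to the PowerShell host.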

Task 2: Wait for the Data Collection
You wait for the data collection to ensure that Cloud Assembly is aware of the new vRealize
Orchestrator workflow.

1. Go to the Cloud Assembly tab on Chrome.

2. Go to Infrastructure > Connections > Integrations.

3. Click Open on the embedded-VRO card.

4. Wait for the data collection to occur.

A status message that indicates that data collection is complete appears.

Data collection occurs every 10 minutes.

Task 3: Create a Subscription
You create a subscription to run a vRealize Orchestrator workflow after the virtual machine is
provisioned.

1. Click the Cloud Assembly browser tab to go to Cloud Assembly.

2. Click Extensibility.

3. Go to Subscriptions and click +NEW SUBSCRIPTION.

4. Enter Delete Host from DNS in the Name text box.

5. Enter Delete the Hostname and IP address of a deployed vRA machine from the DNS server in
the Description text box.

6. Click +ADD in Event Topic.

7. Click Compute post removal and click SELECT.

8. Move the Condition slider to the right to turn on filtering.

9. Enter event.data.componentId == 'DNS-VM' in the Condition text box.

componentId is the name of the component in the YAML blueprint.

The event.data filter is case-sensitive. You must enter it correctly. Only the letter I in
Id is capitalized. All the other letters of event.data.componentId are
lowercase. The component name is also case-sensitive. DNS-VM is uppercase.

10. Click +ADD in Action/workflow.

11. Select vRO Workflow in the Runnable type drop-down menu.

12. Enter DNS in the Search text box and select the vRA-Delete-DNS workflow.

13. Click SELECT.

14. Verify that the Blocking slider is in the default left position (no blocking).

15. Verify that the Subscription scope slider is in the default right position to turn on Any project.

16. Click SAVE.

Task 4: Delete the Ubuntu System
You delete your previous deployment to test your subscription and workflow.

1. Verify that you are on the Cloud Assembly browser tab.

2. Click the Deployments tab.

3. Delete the DNS-Test deployment.

NOTE

If your deployment is not deleted after five minutes, click the refresh icon on the browser to
verify whether the deletion has finished.

4. After your deployment is deleted, click the Orchestrator Client tab to go to vRealize
Orchestrator.

5. Go to Activity > Workflow Runs.

6. Locate the vRA-Delete-DNS workflow run in the recent workflow runs.

If the vRA-Delete-DNS workflow run does not appear, your subscription has failed to call the
workflow. You must verify your subscription settings, including the
event.data.componentId filter.

7. Open the vRA-Delete-DNS workflow run.

You can ignore the red time indicator on the part of the schema that calls the PowerShell
command. The red indicator indicates the part of the workflow that ran slowly. The call to
PowerShell takes less than 30 seconds to run.

8. Verify that the vRA-Delete-DNS workflow status is Completed.

If the Status appears as Failed, a problem with your workflow exists. Verify that you set the
PowerShell host correctly.

9. Click the Logs tab.

10. Verify your log.

The log must include the host name and the IP address sent to PowerShell.

11. Click CLOSE.

12. Use the Remote Desktop Connection Manager to reconnect to the dc.vclass.local domain
controller.

13. Go to DNS Manager.

14. Expand the vclass.local forward lookup zone and click the refresh icon.

15. Verify that the Ubuntu92 host name with the 172.20.11.192 IP address is deleted.

16. Close Remote Desktop Connection Manager.

Lab 12 Creating a Custom Resource to
Manage Active Directory Users

Objective and Tasks


Create a custom resource to manage Active Directory users:

1. Connect Your Active Directory Server in vRealize Orchestrator

2. Connect Your vCenter Server System in vRealize Orchestrator

3. Create a Custom Resource

4. Import and Modify a YAML Blueprint That Creates an Ubuntu VM with a User Account

5. Deploy the Ubuntu System and Test the Custom Resource

6. Test the Add a User to a User Group Additional Action

7. Test the Additional Actions

8. Delete the Ubuntu System and the Active Directory User

Task 1: Connect Your Active Directory Server in vRealize
Orchestrator
You connect vRealize Orchestrator to the Active Directory server so that Active Directory
workflows operate on your domain controller.

1. (Optional) Log in to vRealize Orchestrator and log in to Cloud Assembly.

a. Start Chrome and open a new tab for vRealize Orchestrator.

If Chrome is already running, but a tab logged in to vRealize Orchestrator is not open,
open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

g. Open a new tab in Chrome.

h. Navigate to vRA > vRA-Standard using the shortcut.

i. Click GO TO LOGIN PAGE.

j. Click Orchestrator.

k. Start Chrome with two browser tabs.

Verify that one tab for Cloud Assembly and one tab for the Orchestrator Client are
available.

l. Click the Orchestrator Client browser tab.

2. Go to Library > Workflows.

3. Click the tree view icon on the upper right of the page.

4. In the Workflows navigation pane, navigate to Library > Microsoft > Active Directory >
Configuration.

5. Click the Add an Active Directory server workflow.

6. Click RUN.

7. Run the workflow.

Option Action

Configuration Name Enter VCLASSLOCAL in the text box.

Host / IP Enter dc.vclass.local in the text box.

Port Enter 636 in the text box.

Base Enter dc=vclass,dc=local in the text box.

Use SSL Select this option.

Do not ask for confirmation when importing an SSL certificate. Keep the default setting of selected. This option appears when you select Use SSL.

Default Domain Enter vclass.local in the text box.

8. Click the Authentication tab to enter the Bind Type, Use a shared session, User name, and
Password information.

9. Enter the Authentication values.

Option Action

Bind Type Select Simple.

Use a shared session Select this option.

User name for shared session Enter administrator@vclass.local in the text box.

Password for shared session Enter VMware1! in the text box.

IMPORTANT

Make sure you use the account administrator@vclass.local and not
administrator@vsphere.local.

10. Click RUN.

NOTE

This workflow takes a minute or two to run.

11. Verify that your workflow is successful.

If your workflow run fails, click RUN AGAIN and verify your inputs.

12. Click CLOSE.

Task 2: Connect Your vCenter Server System in vRealize
Orchestrator
You connect vRealize Orchestrator to your vCenter Server system so you can manage the
vCenter Server inventory.

1. Go to Library > Workflows.

2. Click the tree view icon on the upper right of the page.

3. In the Workflows navigation pane, navigate to Library > vCenter > Configuration.

4. Click the Add a vCenter Server instance workflow.

5. Click RUN.

6. Run the workflow.

Option Action

IP or host name of the vCenter Server instance to add Enter sa-vcsa-01.vclass.local in the text box.

Port Verify that 443 is in the text box.

Location of the SDK that you use to connect to the vCenter Server instance. Verify that /sdk is in the text box.

Will you orchestrate this instance? Select this option.

Do you want to ignore certificate warnings? Select this option.

7. Click the Set the connection properties tab to enter user name and password.

8. Enter the connection properties values:

Option Action

Do you want to use a session per user method to manage user access to the vCenter Server system? Deselect this option.

User name of the user Orchestrator will use to connect to the vCenter Server instance. Enter administrator@vsphere.local in the text box.

Password of the user Orchestrator will use to connect to the vCenter Server instance. Enter VMware1! in the text box.

9. Click RUN.

10. Verify that your workflow is successful.

If your workflow run fails, click RUN AGAIN and verify your inputs.

IMPORTANT

If sa-vcsa-01.vclass.local is already connected in your lab configuration, this workflow run
fails. If a Failed message appears, check the error message. If your error message is that the
host is already registered, you can ignore the failure.

11. Click CLOSE to close the workflow.

Task 3: Create a Custom Resource
You create a custom resource to manage Active Directory users.

1. Click the Cloud Assembly tab to go to Cloud Assembly.

2. Go to Design > Custom Resources.

3. Click +NEW CUSTOM RESOURCE.

4. Enter AD-User-Management in the Name text box.


5. Enter Create, delete and manage AD users in the Description text box.

6. Enter Custom.ADUserMan in the Resource Type text box.

7. Enter AD:User in the External Type text box.

The External Type must match the Type of the main variable that is used as an output
variable in the create workflow and as an input variable in the destroy workflow.

8. Move the Activate slider to the right so that the custom resource is active.

9. Verify that the Scope slider is in the right position (ON).

10. Click +ADD in the Create dialog box.

11. Enter Create a user in the Search text box.

12. Select the Create a user with a password in an organizational unit workflow and click
ADD.

Custom resources must have the create workflow. The create workflow must output a
variable of the same type as External Type referenced in the custom resource.

13. Click +ADD in the Destroy dialog box.

14. Search for the Destroy a user workflow and select it.

Custom resources must have the destroy workflow. The destroy workflow must input a
variable of the same type as External Type referenced in the custom resource.

15. Verify that your custom resource matches the following code.

16. Scroll down to Additional actions.

17. Under Additional actions, click +ADD and add the actions.

• Change a user password

• Disable a user

• Add a user to a user group

• Create virtual machine folder

• Move virtual machine to folder

For each action, you can include the Name and Menu label that matches the action. The
Name and the Menu label can be identical to the workflow name or you can create a
different Menu label and Name. You do not set conditions.

NOTE

Unlike the Create, Update, and Destroy Lifecycle Actions, the Additional actions do not have
to be related to the External Type that was previously specified. This allows you to add
other useful workflows that are unrelated to your custom resource. In this lab you are adding
several machine management workflows that are unrelated to the Active Directory user
management.

18. Click the Request Parameter icon on the Create virtual machine folder action.

If you are prompted, click SAVE before the custom form editor opens.

19. Click Parent folder on the design canvas.

20. In the right pane, select Value Picker from the Display type drop-down menu.

21. Click SAVE.

22. Scroll down and click CREATE to save your new custom resource.

Task 4: Import and Modify a YAML Blueprint That Creates an Ubuntu
VM with a User Account
You import a blueprint that creates an Ubuntu system and creates a user account. You modify
the blueprint by adding custom resources.

1. Go to Design > Blueprints.

2. Click UPLOAD and upload a blueprint.

Option Value

Name Enter Ubuntu-CR in the text box.

Description Enter An Ubuntu server with a static IP address that will use vRealize Orchestrator to create an Active Directory user in the text box.

Project Select VMW-ENG in the text box.

Blueprint sharing in Service Broker Select Share only with this project.

Upload file C:\Materials\Blueprints\Ubuntu-CR.yaml

3. Click UPLOAD.

4. Click Ubuntu-CR to open the blueprint for editing.

5. Click the refresh icon to the right of Search Resource Type in the left resource pane.

6. Scroll down and locate the AD-User-Management custom resource under Custom Resource.

7. Click AD-User-Management and drag it to the design canvas above Cloud_Network and to
the left of Ubuntu-CR.

NOTE

If you cannot drag a custom resource into your blueprint, close the Chrome browser and
reopen it.

8. Add the code for the input variables userDisplayName and userOU.

  userDisplayName:
    type: string
    title: User Display Name
  userOU:
    type: object
    title: Organizational Unit
    $data: 'vro/data/inventory/AD:OrganizationalUnit'
    properties:
      id:
        type: string
      type:
        type: string

NOTE

This code belongs in the inputs section. You can start it after the description line for the pass
input.

The YAML code is alignment-sensitive. Do not use tabs in YAML. Use the SPACE bar to
align your code.

9. Modify the Custom_ADUserMan_1 code to match the following code.

resources:
  Custom_ADUserMan_1:
    type: Custom.ADUserMan
    properties:
      accountName: '${input.user}'
      displayName: '${input.userDisplayName}'
      ouContainer: '${input.userOU}'
      domainName: vclass.local
      password: '${input.pass}'
      confirmPassword: '${input.pass}'
      changePasswordAtNextLogon: false

10. Verify that the first part of your YAML code matches the following output.

11. Test your blueprint with the values.

Option Action

ipaddress Enter 172.20.11.185 in the text box.

hostname Enter UbuntuCR in the text box.

User name Enter ENG-CA-User03 in the text box.

Password Enter VMware1! in the text box.

User Display Name Enter ENG-CA-USER03 in the text box.

Organization Unit Enter e in the text box. Wait for the search function to work, scroll down,
and select ENG.

If the blueprint fails the test, correct the syntax problems.

NOTE

If you cannot solve the blueprint, you can cut and paste the text from a copy available at
c:\Materials\Blueprints\Answers\Ubuntu-CR-Answer.yaml.

12. Click CLOSE.

Task 5: Deploy the Ubuntu System and Test the Custom Resource
You deploy the blueprint to test your custom resource.

1. Go to Design > Blueprints.

2. Select the Ubuntu-CR blueprint.

3. Deploy and test the Ubuntu-CR blueprint.

Option Action

Deployment Type Select Create a new-deployment (default).

Deployment Name Enter CR-Test

Blueprint Version Select Current Draft.

ipaddress Enter 172.20.11.185 in the text box.

hostname Enter UbuntuCR in the text box.

User name Enter ENG-CA-User03 in the text box.

Password Enter VMware1! in the text box.

User Display Name Enter ENG-CA-USER03 in the text box.

Organization Unit Enter e in the text box. Wait for the search function to work, scroll
down, and select ENG.

4. Click DEPLOY.

5. Click History and view the custom resource that is called.

6. Click CLOSE when the Create Successful message appears.

7. After the deployment is complete, click the Orchestrator Client tab to go to vRealize
Orchestrator.

8. Go to Activity > Workflow Runs.

9. Find the Create a user with a password in an organizational unit workflow run in the recent
workflow runs.

If the Create a user with a password in an organizational unit workflow run does not appear,
your custom resource has failed to call the workflow. Verify your custom resource settings,
the names of the workflows, and the External Type setting.

10. Open the Create a user with a password in an organizational unit workflow run.

You can ignore the red time indicator on the createUserWithPassword schema element. The
red indicator indicates the part of the workflow that ran slowly. The
createUserWithPassword schema element takes less than a few seconds to run.

11. Verify that the Create a user with a password in an organizational unit workflow status
appears as Completed.

12. Click CLOSE.

13. Use Remote Desktop Connection Manager to log in to the dc.vclass.local domain controller.

14. Use the Active Directory Users and Computers icon on the dc.vclass.local toolbar to open
Active Directory.

15. Expand ENG OU and verify that the ENG-CA-User03 user exists.

You can click the refresh icon to view the new user entry.

16. Close Remote Desktop Connection Manager.

Task 6: Test the Add a User to a User Group Additional Action
You test the Add a User to a User Group additional action.

1. Go to Deployments.

2. Click and open the CR-Test deployment.

3. Click the Custom_ADUserMan_1 object.

4. Select Add a user to a user group from the ACTIONS drop-down menu in the right pane.

5. Enter eng-ca-a and select ENG-CA-Admins.

6. Click SUBMIT.

7. Wait for the action to complete.

You can monitor the progress of your action on the top left of the CR-Test deployment
page.

8. Use Remote Desktop Connection Manager to log in to the dc.vclass.local domain controller.

9. Open Active Directory by using the Active Directory Users and Computers icon on the
dc.vclass.local toolbar.

10. Expand ENG OU and verify that ENG-CA-User03 is a member of the ENG-CA-Admins
group.

You can click the refresh icon to see the new user entry.

11. Close Remote Desktop Connection Manager.

Task 7: Test the Additional Actions
You test your additional actions to create a virtual machine folder and move a virtual machine.

1. Return to Cloud Assembly and verify that you have the CR-Test deployment open.

2. Verify that the Custom_ADUserMan_1 object is selected in the design canvas.

3. Select Create a virtual machine folder from the ACTIONS drop-down menu.

a. Enter a v in the Parent folder text box and scroll down and select vm.
b. Enter Action-Folder in the Name of the new folder text box.

When the action completes, use the vSphere Client to verify that the new VM folder
exists.

c. Click the ubuntu-cr component in the design canvas of the CR-Test deployment to
determine the Resource name (VM name).

You can also enter VMW-ENG in the Virtual machine to move text box. The virtual
machine name appears.

4. Return to Cloud Assembly and verify that you have the CR-Test deployment open.

5. Select the Ubuntu-CR component in the design canvas and record the name of the virtual
machine (VMW-ENG-xxxxxx).

6. Click the Custom_ADUserMan_1 object and select Move virtual machine to folder.

7. Enter the ENG-VM in the Virtual machine to move text box and scroll down and select the
correct virtual machine.

8. Enter Action in the Destination folder text box and scroll down and select Action-Folder.

9. Click SUBMIT.

10. When the action is complete, use the vSphere Client to verify that the virtual machine has
been moved into Action-Folder.

11. Click CLOSE to return to the Deployments tab.

Task 8: Delete the Ubuntu System and the Active Directory User
You delete your deployment to save the lab resources.

1. Verify that you are in Cloud Assembly on the Deployments tab.

2. Delete the CR-Test deployment.

3. Open the CR-Test deployment during the delete operation.

4. Click History and observe the custom resource that is called.

5. Wait for the deployment to delete.

6. After the deployment is deleted, click the Orchestrator Client tab to go to vRealize
Orchestrator.

7. Go to Activity > Workflow Runs.


8. Locate the Destroy a user workflow run that appears in the recent workflow runs.

You can click the refresh icon to see the latest run.

9. Open the Destroy a user workflow run.

10. Verify that the Destroy a user workflow appears with the Completed status.

If the status has failed, the custom resource has a problem.

11. Click CLOSE.

12. Use Remote Desktop Connection Manager to log in to the (dc.vclass.local) domain
controller.

13. Open the Active Directory Users and Computers application.

14. Expand the ENG OU and verify that the ENG-CA-User03 does not exist.

You can click the refresh icon to see that the user has disappeared.

15. Close Remote Desktop Connection Manager.

Lab 13 Creating a Resource Action to
Move a Virtual Machine to a Folder

Objective and Tasks


Use a resource action to enable a Day 2 operation on deployed machines:

1. Deploy a Virtual Machine to Test Your Resource Action

2. (Optional) Add a vCenter Server Instance to vRealize Orchestrator

3. Create Your Binding Action

4. Test Your Binding Action

5. Create a vRealize Automation Resource Action

6. Test Your Resource Action

Task 1: Deploy a Virtual Machine to Test Your Resource Action
You deploy a virtual machine and use this virtual machine later to test your action.

1. (Optional) Log in to vRealize Orchestrator, the vSphere Client, and log in to Cloud Assembly.

Use this step only if you do not already have browser tabs that are logged in to vRealize
Orchestrator, the vSphere Client, and Cloud Assembly.

a. Start Chrome and open a new tab for vRealize Orchestrator.

If Chrome is already running, but a tab logged in to vRealize Orchestrator is not open,
open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

g. Open a new tab in Chrome.

h. Navigate to vRA > vRA-Standard using the shortcut.

i. Click GO TO LOGIN PAGE.

j. Click Orchestrator.

k. (Optional) If you do not have a Chrome browser tab that is logged in to the vSphere
Client, open a new browser tab and go to Infrastructure > vSphere Client (SA-VCSA-
01).

l. Log in to the vSphere Client with administrator@vsphere.local as the user ID and
VMware1! as the password.

m. Start Chrome with three tabs.

Verify that three tabs are available: one for Cloud Assembly, one for the vSphere Client,
and one for the Orchestrator Client.

n. Click the Cloud Assembly tab.

2. Go to Design > Blueprints.

3. Select the VMW-Centos-Static blueprint.

4. Deploy the VMW-Centos-Static blueprint.

Option | Action
Deployment Type | Select Create a new deployment (default).
Deployment Name | Enter Centos-Static in the text box.
Blueprint Version | Select Current Draft.

5. Wait for the deployment to complete.

6. Record the name of the virtual machine that you deployed in vSphere (VMW-ENG-xxxxxx).
__________

7. Click the vSphere Client tab to go to the vSphere Client.

8. Go to VMs and Templates.

9. Right-click SA-Datacenter and navigate to New Folder > New VM and Template folder.

10. Enter RA-Folder in the Enter a name for the folder text box and click OK.

Task 2: (Optional) Add a vCenter Server Instance to vRealize
Orchestrator
If you did not add the vCenter Server instance to vRealize Orchestrator in an earlier lab, you must
run this task to add a vCenter Server instance to vRealize Orchestrator.

1. Click the Orchestrator Client tab.

2. Go to Library > Workflows.

3. Enter add a vcenter in the Filter text box.

You can click anywhere above the Add filter text box to remove the second filter text box.

4. Click RUN in the Add a vCenter Server instance catalog card.

5. Configure settings to run the workflow.

Option | Action
IP or host name of the vCenter Server instance to add | Enter sa-vcsa-01.vclass.local in the text box.
HTTPS port of the vCenter Server instance | Keep the default value of 443.
Location of the SDK that you use to connect to the vCenter Server instance | Keep the default value of /sdk.
Will you orchestrate this instance? | Select this option.
Do you want to ignore certificate warnings? | Select this option.
Do you want to use a session per user method to manage user access to the vCenter Server system? | Deselect this option.
User name of the user that Orchestrator will use to connect to the vCenter Server instance | Enter administrator@vsphere.local in the text box.
Password of the user that Orchestrator will use to connect to the vCenter Server instance | Enter VMware1! in the text box.

You must click the Set the connection properties tab to configure the session, user name,
password, and domain name values.

6. Click RUN.

7. Verify that the workflow completes with the Completed status, which indicates a successful
run.

8. Click CLOSE.

Task 3: Create Your Binding Action
You use vRealize Orchestrator to create an action that is used to bind a variable in vRealize
Automation.

1. In the Orchestrator Client, go to Library > Actions.

2. Click NEW ACTION.

3. Enter getVMbyName in the Name text box.

4. Enter com.vmware.library.vc.vm in the Module text box and select
com.vmware.library.vc.vm.

The module name is lower case and in dot notation, which follows the basic standard of
com.[company].library.[component].[interface].

The module is not important for the vRealize Orchestrator action that is used as a binding
action by vRealize Automation. You can use any general-purpose module. You could also
create your own module, like com.vmeduc.mymodule. vRealize Orchestrator uses
module names to group related actions together. However, the combination of the name of
the action and the name of the module must be unique. Two actions with the same name
cannot exist in the same module.

5. Enter tags of VMs, search, name, and VMEDUC.

6. Click the Script tab.

7. Click ADD NEW INPUT in the right pane under Inputs.

8. Enter name in the Name text box.

This name replaces the default name of input.

9. Keep the default setting of string.

10. Do not select Array.

11. Enter Name of the VM you are searching for in the Description text box.

12. Enter virtualmachine in the Select Type search text box of Return Type and click
VC:VirtualMachine.

13. Verify that your Properties in the right pane are correctly configured.

14. Enter the code in your JavaScript pane.

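// Retrieve every virtual machine known to the registered vCenter Server instances.
var allVms = VcPlugin.getAllVirtualMachines();

// Return the first virtual machine whose name matches the name input exactly.
for (var i in allVms) {
    if (allVms[i].name === name) {
        System.log("VM located");
        return allVms[i];
    }
}
System.log("VM not found");
return null;

The code is case-sensitive and indent sensitive, and must be entered carefully.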

As you enter code, click the code items that match your text as they appear. For example,
after you enter VcPlugin.getAllV , you can click VcPlugin.getAllVirtualMachines.
Similarly, when you enter allVm, click allVms. You must click and select code items as they
are available instead of entering them. Clicking these items correctly links the code to
predefined elements in vRealize Orchestrator and avoids typographical errors.

A copy of this script exists in
C:\Materials\Blueprints\Answers\GetVMbyName.txt.

15. Verify that your JavaScript code is correct.

If you click and link the code, several items in the code change color. For example, name is
green as it is a predefined input. Similarly, VcPlugin is light green. Other items appear blue and
black.

16. Click CREATE and click CLOSE.

Task 4: Test Your Binding Action
You use vRealize Orchestrator to test the action that is used in binding.

1. Enter getVMbyName in the Filter text box.

2. Click Run from the ACTIONS drop-down menu.

3. Enter the name of the virtual machine (VMW-ENG-xxxxxx) that you deployed in the Name
text box.

IMPORTANT

The name is case-sensitive and must match the deployed virtual machine name exactly.

4. Click RUN.

5. Verify that Action Result Type in Results/Inputs is VC:VirtualMachine.

6. Click the Logs tab.

7. Verify that the VM located message appears in the log.

8. Click RUN to rerun the action.

9. Enter BADVM in the name text box and click RUN.

10. Verify that the Action Result Type in Results/Inputs is empty and the value is Not set.

11. Click the Logs tab.

12. Verify that the VM not found message appears in the log file.

13. Click CLOSE.

14. Click the Cloud Assembly tab to return to Cloud Assembly.

15. Navigate to Infrastructure > Integrations.

16. Monitor the Integrations embedded-vRO data collection.

You must wait until a data collection completes to inventory your new binding action.

Task 5: Create a vRealize Automation Resource Action
You create a vRealize Automation resource action.

1. Click the Cloud Assembly tab to return to Cloud Assembly.

2. Go to Design > Resource Actions.

3. Click NEW RESOURCE ACTION.

4. Enter Move VM to Folder in the Name text box.


5. Enter Move VM to Folder in the Display name text box.

6. Slide the Activate toggle to the right to activate the resource action.

7. Click +ADD and select Cloud.vSphere.Machine as the Resource Type.

8. Click ADD.

9. Click +ADD and select Move virtual machine to folder as the Workflow.

Verify that you do not select the Move virtual machines to folder (plural) workflow.

10. Click ADD.

11. Verify that your resource action configuration is correct.

12. Select vm from the Workflow Input drop-down menu in the Property Binding pane.

13. Enter getVMbyName in the Binding action search text box.

If you did not correctly specify a return type of VC:VirtualMachine in your binding action in
vRealize Orchestrator, the getVMbyName binding action does not appear in your binding
actions search.

14. Enter ${properties.resourceName} in the Value text box of the Binding Action
input name.

15. Verify that Property Binding is correctly configured.

16. Click CREATE.

Task 6: Test Your Resource Action
You use vRealize Automation to test the new resource action.

1. Click the Deployments tab.

2. Click the Centos-Static deployment to open the deployment.

3. In the blueprint design canvas, click the Cloud_vSphere_Machine_1 icon.

4. In the right pane, click Move VM to Folder from the Cloud_vSphere_Machine_1 ACTIONS
drop-down menu.

5. Enter ra in the Destination folder text box and click RA-Folder.

6. Click SUBMIT.

7. Wait for the action to complete.

You must see a Move VM to Folder Successful message.

8. Click CLOSE.

9. Click the vSphere Client tab to return to the vSphere Client.

10. Go to VMs and Templates and verify that the virtual machine you deployed appears in RA-
Folder.

11. Click the Cloud Assembly tab to return to Cloud Assembly.

12. Click DELETE on the ACTIONS drop-down menu to delete the Centos-Static deployment.

13. Click SUBMIT.

Lab 14 Creating a Content Source
from vRealize Orchestrator

Objective and Tasks


Create a content source from vRealize Orchestrator:

1. Create a Content Source from a vRealize Orchestrator Workflow

2. Share the New Content

3. Run the New Catalog Item

4. Verify the Deployment

Task 1: Create a Content Source from a vRealize Orchestrator
Workflow
You configure a vRealize Orchestrator workflow as a vRealize Automation content source.

1. (Optional) Log in to vRealize Orchestrator and log in to Cloud Assembly.

Use this step only if you do not already have two browser tabs that are logged in to vRealize
Orchestrator and Cloud Assembly.

a. Start Chrome and open a new tab for vRealize Orchestrator.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.
f. Click Cloud Assembly.

g. Open a new tab in the Chrome browser.

h. Use the shortcut to go to vRA > Standard.

i. Click GO TO LOGIN PAGE.

j. Click Orchestrator.

k. Verify that you have two Chrome browser tabs open.

One tab is for Cloud Assembly and the other tab for the vRealize Orchestrator Client.

2. Open a new tab in Chrome for Service Broker.

3. Go to vRA > vRA-Standard.

4. Click GO TO LOGIN PAGE.

5. Click Service Broker.

6. Click the Content & Policies tab.

7. Verify that you are in Content Sources.

8. Click NEW to create the content source.

9. Click the vRealize Orchestrator Workflow icon.

10. Enter Create VM Folder in the Name text box.

11. Enter Create a virtual machine folder in vCenter in the Description
text box.

12. Click ADD under Workflows.

13. Enter Folder in the Search workflows text box.

14. Scroll down, select Create virtual machine folder, and click ADD.

15. Click CREATE & IMPORT.

16. Verify that the Create VM Folder content source is created.

Task 2: Share the New Content


You share the new content.

1. Click Content Sharing in the left pane.

2. Select VMW-ENG in the Project Search text box.

3. Click ADD ITEMS.

4. Select Create VM Folder and click SAVE.

Task 3: Run the New Catalog Item
You run the new catalog item.

1. Click the Catalog tab.

2. Click REQUEST on the Create virtual machine folder catalog card.

3. Enter Creating a VM Folder in the Deployment Name text box.


4. Enter myVmFolder in the Name of the new folder text box.

5. Enter vm in the Parent folder text box and click vm.

6. Click SUBMIT.

7. Wait for the deployment to complete.

Task 4: Verify the Deployment
You verify that the vRealize Orchestrator workflow has run successfully.

1. (Optional) Log in to the vSphere Client.

a. Open a new tab in the Chrome browser.

b. Go to Infrastructure > vSphere Client (SA-VCSA-01).

c. Log in with administrator@vsphere.local as the user account and VMware1! as the
password.

2. Go to VMs and Templates.

3. Verify that the myVmFolder folder appears under SA-Datacenter.

Lab 15 Creating an ABX Action to
Rename a Virtual Machine

Objective and Tasks


Create an ABX action to rename a virtual machine on deployment:

1. Create an Action Script

2. Create a Subscription

3. Upload a Blueprint

4. Delete the Deployment to Save the Lab Resources

5. Disable the Rename VM on Deployment Subscription

Task 1: Create an Action Script
You create an action script that renames a virtual machine.

1. (Optional) Log in to the vSphere Client and log in to Cloud Assembly.

Use this step only if you do not already have two browser tabs that are logged in to the vSphere
Client and Cloud Assembly.

a. Start Chrome and open a new tab for the vSphere Client.

If Chrome is already running, but a tab logged in to vSphere Client is not open, open a
new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

g. Open a new tab in the Chrome browser.

h. Navigate to Infrastructure > vSphere Client using the shortcut.

i. Log in with the administrator@vsphere.local user account and the VMware1! password.

2. Click the Cloud Assembly tab.

3. Go to Extensibility > Actions.


4. Click + NEW ACTION.

5. Enter Rename-vSphere-VM-on-Deployment in the Name text box.

6. Select VMW-ENG from the Project drop-down menu and click NEXT.

7. Verify that PYTHON and WRITE SCRIPT are selected.

8. Cut and paste the code from
C:\Materials\ABX-Actions\Rename-vSphere-VM-on-Deployment.txt on your student desktop.

def handler(context, inputs):

    # Start from the resource names that vRealize Automation generated.
    outputs = {}
    outputs["resourceNames"] = inputs["resourceNames"]

    print("Entering ABX action")

    print("Current Name")
    print(inputs["resourceNames"][0])

    oldName = inputs["resourceNames"][0]
    # newHostName is a custom property that is set in the blueprint.
    newName = inputs["customProperties"]["newHostName"]

    print("new Name ")
    print(newName)
    # Replace the first resource name with the requested name.
    outputs["resourceNames"][0] = newName

    print("Action complete")

    return outputs

9. Examine your code and understand how it works.

In the code:

• An array named outputs is initialized empty.

• The custom properties array resourceNames is loaded to the outputs resourceNames.

The vSphere name of the virtual machine is stored in resourceNames[0].

• The current virtual machine name is printed.

• A newName variable is initialized and loaded from the newHostName property in the
YAML blueprint.

• The new name is printed.

• The resourceNames[0] custom property is loaded with the new name. It is assigned to
the virtual machine in vSphere.

10. Verify that the Main function is handler in the right pane.

11. Click the - (minus icon) to delete the Default Input of target or world.

12. Verify that the Dependency text box is empty.

13. Select On Prem from the FaaS provider drop-down menu.

You can use the Auto Select default setting. The best practice is to manually set the FaaS
provider and verify that it is configured correctly if you must use one of the cloud-based
FaaS providers.

14. Verify that the Set custom timeout and limits slider is set to the left (off position).

15. Click SAVE.

16. Click TEST and click See details.

17. Wait for the test run to complete.

Your test run fails with KeyError on resourceNames because the resourceNames
array is not available in the test input. Verify that no other syntax errors are
reported.

18. Click CLOSE to close the test details.

19. Click CLOSE.
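
The following Python handler is an added example and is not part of the lab materials. It shows one way to make the rename action report a payload without resourceNames (the case that raised KeyError in step 17) and to check newHostName before it is used. The host name rule, the requested_name helper, and the choice to keep the generated name when the value is rejected are assumptions of this example.

```python
import re

# Assumption for this example: accept only a single DNS-style label
# (letters, digits, hyphen; 1-63 characters; no leading or trailing hyphen).
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def requested_name(inputs):
    """Return a validated newHostName from customProperties, or None."""
    props = inputs.get("customProperties")
    if not isinstance(props, dict):
        return None
    name = props.get("newHostName")
    # fullmatch rejects trailing newlines and any character outside the rule.
    if isinstance(name, str) and HOSTNAME_RE.fullmatch(name):
        return name
    return None


def handler(context, inputs):
    inputs = inputs or {}
    names = inputs.get("resourceNames")
    if not isinstance(names, list) or not names:
        # A TEST run without inputs lands here: there is no resourceNames
        # key, so the problem is reported instead of raising KeyError.
        print("No resourceNames in the payload; nothing to rename")
        return {}

    # Copy the list so that the inputs passed to the action are not modified.
    outputs = {"resourceNames": list(names)}

    new_name = requested_name(inputs)
    if new_name is None:
        # Keep the generated name rather than passing an unchecked value on.
        print("newHostName is missing or not a valid host name; keeping "
              + str(names[0]))
        return outputs

    print("Renaming " + str(names[0]) + " to " + new_name)
    outputs["resourceNames"][0] = new_name
    return outputs
```

With this handler, the TEST run completes and logs the missing array, and a deployment with an unusable host name keeps its generated VMW-ENG-xxxxxx name.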

Task 2: Create a Subscription
You create a subscription that calls the action.

1. Go to Extensibility > Subscriptions.

2. Click + New Subscription.

3. Enter Rename-VM-On-Deployment in the Name text box.


4. Enter Use an action to rename a vSphere VM before it is
deployed in the Description text box.

5. Click +ADD in Event Topic, select Compute allocation, and click SELECT.

6. Slide the Condition slider to the right and enter event.data.componentId ==
'ABX-VM' in the Condition text box.

7. Click +ADD in Action/workflow, select Rename-vSphere-VM-on-Deployment, and click
SELECT.

8. Slide the Blocking slider to the right and enter 2 in the Timeout text box.

A 2-minute timeout is set on the action.

9. Verify that your Subscription is configured correctly and click SAVE.

Task 3: Upload a Blueprint
You upload a blueprint to use with the ABX action.

1. Go to Design > Blueprints.

2. Upload the Centos-ABX blueprint with the parameters.

Option | Action
Name | Enter Centos-ABX in the text box.
Description | Enter Centos blueprint for testing ABX actions in the text box.
Project | Select VMW-ENG.
Blueprint sharing in Service Broker | Select Share only with this project.
Upload file | Browse to C:\Materials\Blueprints\Centos-ABX.yaml.

3. Click the Centos-ABX blueprint and open the blueprint.

4. Examine the code and view the blueprint features.

In the code:

• An input variable for the host name hostname1 exists.

• The resource name is ABX-VM, which is used in your subscription.

• This blueprint has no network so it deploys faster. A network is not needed in this lab.

Task 4: Test Your Action by Deploying the Blueprint
You verify that the new action and the new subscription work by deploying the blueprint.

1. Click DEPLOY to deploy the Centos-ABX blueprint with these parameters.

Option | Action
Deployment Name | Enter Rename-Test in the text box.
Blueprint Version | Select Current Draft.
Enter your hostname | Enter Centos-ABX in the text box.

2. Click DEPLOY after you enter your inputs.

3. Click History and monitor the deployment.

4. Go to Extensibility > Action Runs when ALLOCATE_FINISHED appears.

5. Click the latest Rename-vSphere-VM-on-Deployment action run to open the action run.

The following action runs appear:

• Failed action run from the blueprint test

• Successful action run from the blueprint deployment

6. Click the Log tab and verify that the action run is successful.

The log file might show a different Current Name for your VM.

7. Click Details and verify that the original resourceNames is VMW-ENG-xxxxxx and the new
resourceNames is Centos-ABX.

8. Click the Deployments tab and wait for your deployment to complete.

9. Click the vSphere Client tab to go to the vSphere Client.

10. Verify that the VM deployed in Lab-VMs is Centos-ABX.

11. Click the Cloud Assembly tab to go to Cloud Assembly.

Task 5: Delete the Deployment to Save the Lab Resources
Delete your deployment to save the lab resources.

1. Verify that you are in Cloud Assembly on the Deployments tab.

2. Delete the Rename-Test deployment.

Task 6: Disable the Rename VM on Deployment Subscription


1. Navigate to Extensibility > Subscriptions.

2. Click DISABLE on the Rename-VM-On-Deployment subscription.

You disable the subscription so that it does not interfere with the future labs.

Lab 16 Creating an ABX Action to Tag
a Virtual Machine

Objective and Tasks


Create an ABX action to tag a VM on deployment by using an object variable from the YAML
blueprint as input:

1. Create an Action Script

2. Create a Subscription

3. Upload and Modify a Blueprint

4. Test Your Action by Deploying the Blueprint

5. Delete the Deployment to Save the Lab Resources

Task 1: Create an Action Script
You create an action script that tags a virtual machine.

1. (Optional) Log in to the vSphere Client and log in to Cloud Assembly.

Use this step only if you do not already have two browser tabs that are logged in to the vSphere
Client and Cloud Assembly.

a. Start Chrome and open a new tab for vRealize Orchestrator.

If Chrome is already running, but a tab logged in to vRealize Orchestrator is not open,
open a new tab.

b. Click the vRA > Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

g. Open a new tab in Chrome.

h. Navigate to Infrastructure > vSphere Client using the shortcut.

i. Log in with the administrator@vsphere.local user account and the VMware1! password.

2. Click the Cloud Assembly tab.

3. Go to Extensibility > Actions.


4. Click + NEW ACTION.

5. Enter Tag-vSphere-VM-With-Tags-Object in the Name text box.

6. Select VMW-ENG from the Project drop-down menu and click NEXT.

7. Click the PYTHON drop-down menu and select NODEJS.

The scripting language changes to NODEJS.

8. Verify that NODEJS and WRITE SCRIPT are selected.

9. Copy and paste this code from
C:\Materials\ABX\Tag-vSphere-VM-With-Tags-Object.txt on your student desktop.

exports.handler = function handler(context, inputs) {
    // yamlTags arrives from the blueprint as a JSON string.
    let tagsAsString = inputs.customProperties.yamlTags;
    let tagsJsonObject = JSON.parse(tagsAsString);
    let outputs = {};
    outputs.tags = inputs.tags;

    console.log("Entering ABX action");

    console.log("==========================================");
    console.log("inputs.tags:");
    console.log(inputs.tags);
    console.log("==========================================");
    console.log("tagsAsString:");
    console.log(tagsAsString);
    console.log("==========================================");
    console.log("tagsJsonObject:");
    console.log(tagsJsonObject);
    console.log("==========================================");

    // Copy each key-value pair from the parsed object into the output tags.
    Object.keys(tagsJsonObject).forEach(key => {
        outputs.tags[key] = tagsJsonObject[key];
        console.log("key: " + key + " / value: " +
            tagsJsonObject[key]);
    });

    return outputs;
};

10. Examine your code carefully.

Observe the following features:

• A string variable named tagsAsString is initialized with the yamlTags. Although it is
entered as an object in the YAML blueprint, the only way ABX can receive it is as a string.

• A new variable, tagsJsonObject, is initialized using the JSON parse function.

• An outputs.tags array is initialized empty.

• A loop is set up to go through the tagsJsonObject array and load it into the outputs.tags
object.

• ABX actions are functions. A return command is required at the end. The
outputs.tags object is returned.

11. Verify that the Main function is handler in the right pane.

12. Click the - (minus) icon to delete the Default Input of target / World.

13. Verify that the Dependency text box is empty.

14. Select On Prem from the FaaS provider drop-down menu.

15. Verify that the Set custom timeout and limits slider is to the left (off position).

16. Click SAVE.

17. Click CLOSE.

Task 2: Create a Subscription
You create a subscription that calls the action.

1. Go to Extensibility > Subscriptions.

2. Click + New Subscription.

3. Enter Tag-VM-From-YAML in the Name text box.


4. Enter Use an action to tag a vSphere VM from a YAML object
variable in the Description text box.

5. Click +ADD in Event Topic, select Compute allocation, and click SELECT.

6. Slide the Condition slider to the right and enter event.data.componentId ==
'ABX-VM' in the Condition text box.

7. Click +ADD in Action/workflow, select Tag-vSphere-VM-With-Tags-Object, and click
SELECT.

8. Slide the Blocking slider to the right and enter 4 in the Timeout text box.

A 4-minute timeout is set on the action.

9. Verify that your Subscription is configured correctly and click SAVE.

10. Click SAVE.

Task 3: Upload and Modify a Blueprint
You upload and modify a blueprint to use with the ABX action.

1. Go to Design > Blueprints.

2. Upload the Centos-ABX blueprint with these parameters:

Option | Action
Name | Enter Centos-ABX-TAG in the text box.
Description | Enter Centos blueprint for testing ABX actions in the text box.
Project | Select VMW-ENG.
Blueprint sharing in Service Broker | Select Share only with this project.
Upload file | Browse to C:\Materials\Blueprints\Centos-ABX.yaml.

3. Click the Centos-ABX-TAG blueprint and open the blueprint.

4. Add the following code to the inputs section of the YAML code.

  UserTags:
    type: object
    title: Enter your user tags

5. Add the code to the properties section of ABX-VM.

      yamlTags: '${input.UserTags}'

6. Verify your blueprint YAML code.

7. Click CLOSE.

Task 4: Test Your Action by Deploying the Blueprint
You verify that the new action and the new subscription work by deploying the blueprint.

1. Select the Centos-ABX-TAG blueprint and start a deployment with these parameters.

Option | Action
Deployment Name | Enter Tag-Test in the text box.
Blueprint Version | Select Current Draft.
Enter your hostname | Enter Centos-ABX-Tag in the text box.

2. Click the + icon under Enter your user tags.

3. Enter vRA1 in the Key text box.

4. Enter ABX1 in the Value text box.

5. Click APPLY.

6. Click the + icon under Enter your user tags.

7. Enter vSphere in the Key text box.

8. Enter Production in the Value text box and click APPLY.

9. Verify that your deployment inputs are correct.

You have entered the data for an Object variable. Objects are key-value pairs.

If the vRA1 key is repeated for both the pairs, only the last entry is used.

10. Click DEPLOY.

11. Click History and monitor the deployment.

12. After the deployment is complete, click to record the name of your deployed virtual machine
(VMW-ENG-xxxxxx) and click CLOSE. __________

NOTE

The subscription that is used to rename the VM was disabled in the previous lab. As a
result, the host name that you specified during the deployment is not updated.

13. Go to Extensibility > Action Runs.

14. Click Tag-vSphere-VM-With-Tags-Object to open the action run.

15. Click the Log tab and verify that your action is successful.

16. Click Details and verify that the original tags are empty and that the new Outputs tags are
vRA1: ABX1 and vSphere: Production.

17. Click the vSphere Client tab to go to the vSphere Client.

18. Select the deployed virtual machine in Lab-VMs and verify that the VM deployed in Lab-VMs
has the correct tags assigned.

19. Click the Cloud Assembly tab to go to Cloud Assembly.

Task 5: Delete the Deployment to Save the Lab Resources


Delete your deployment to save the lab resources.

1. Verify that you are in Cloud Assembly on the Deployments tab.

2. Delete the Tag-Test deployment.

Lab 17 Creating an ABX Action to
Dump the Payload

Objective and Tasks


Create an ABX action to dump the payload of the deployment:

1. Create an Action Script

2. Create a Subscription

3. Test Your Action by Deploying the Blueprint

4. Delete the Deployment to Save the Lab Resources

Task 1: Create an Action Script
You create an action script that dumps the payload of the deployment.

1. (Optional) Log in to the vSphere Client and log in to Cloud Assembly.

Use this step only if you do not already have two browser tabs that are logged in to the vSphere
Client and Cloud Assembly.

a. Start Chrome.

If Chrome is already running, but a tab logged in to vSphere Client is not open, open a
new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

g. Open a new tab in Chrome.

h. Go to Infrastructure > vSphere Client by using the shortcut.

i. Log in with the administrator@vsphere.local user account and the VMware1! password.

2. Click the Cloud Assembly tab.

3. Go to Extensibility > Actions.


4. Click + NEW ACTION.

5. Enter Dump-the-Payload in the Name text box.

6. Select VMW-ENG from the Project drop-down menu and click NEXT.

7. Verify that PYTHON and WRITE SCRIPT are selected.

8. Copy and paste the code to dump the inputs handed to the ABX action from
C:\Materials\ABX\Dump-the-Payload.txt on your student desktop.

import json

def handler(context, inputs):
    # Print every input passed to the action as indented JSON.
    print(json.dumps(inputs, indent=2))

This code uses a json function (json.dumps) to print all the custom properties that came into
the ABX action as inputs.

9. Verify that the Main function is handler in the right pane.

10. Click the - (minus) icon to delete the default Input of target / World.

11. Verify that the Dependency text box is empty.

12. Select On Prem from the FaaS provider drop-down menu.

13. Verify that the Set custom timeout and limits slider is to the left (off position).

14. Click SAVE.

15. Click CLOSE.
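
The dump is written to the action run log (the Log tab viewed in Task 3), so any secret carried in a custom property ends up there in clear text. The variant below masks such values before printing. It is an added example, not part of the lab materials; the key-name patterns, the helper names, and the sample payload are assumptions.

```python
import json
import re

# Assumption: key-name fragments that usually mark a secret; extend for your naming scheme.
SENSITIVE_KEY = re.compile(
    r"pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key|credential",
    re.IGNORECASE,
)
# Secrets embedded in free text, for example "passwd: value" inside a cloud-init string.
INLINE_SECRET = re.compile(
    r"\b(pass(?:word|wd)?|secret|token)(\s*[:=]\s*)(\S+)", re.IGNORECASE
)
MASK = "***REDACTED***"


def redact(value, under_sensitive_key=False):
    """Return a copy of value with secrets masked; the input is never modified.

    Everything below a sensitive-looking key is masked, and "name: value"
    style secrets inside ordinary strings are masked in place.
    """
    if isinstance(value, dict):
        return {
            key: redact(item, under_sensitive_key or bool(SENSITIVE_KEY.search(str(key))))
            for key, item in value.items()
        }
    if isinstance(value, list):
        return [redact(item, under_sensitive_key) for item in value]
    if under_sensitive_key:
        return MASK
    if isinstance(value, str):
        return INLINE_SECRET.sub(lambda m: m.group(1) + m.group(2) + MASK, value)
    return value


def dump_payload(inputs):
    """Build the text that goes to the action run log."""
    return json.dumps(redact(inputs), indent=2, default=str)


def handler(context, inputs):
    # Same entry point and behaviour as the lab action, minus the clear-text secrets.
    print(dump_payload(inputs))


# Constructed sample payload; field names other than customProperties,
# resourceNames, newHostName and tagControl are hypothetical.
SAMPLE_INPUTS = {
    "componentId": "ABX-VM",
    "resourceNames": ["Centos-ABX"],
    "customProperties": {
        "newHostName": "Centos-ABX",
        "tagControl": "TagVM",
        "dbPassword": "S3cr3t-constructed",
        "vaultCredentials": {"user": "svc-demo", "key": "constructed-key"},
        "cloudConfig": "#cloud-config\nusers:\n  - name: demo\n    passwd: constructed-hash\n",
    },
}

if __name__ == "__main__":
    handler(None, SAMPLE_INPUTS)
```
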

Task 2: Create a Subscription
You create a subscription that calls the action.

1. Go to Extensibility > Subscriptions.

2. Click + New Subscription.

3. Enter Dump-Payload in the Name text box.


4. Enter Use an action to dump the payload from a deployment in the
Description text box.

5. Click +ADD in Event Topic, select Compute post provision, and click SELECT.

Depending on when you run the subscription, the inputs and custom properties differ. Some
custom properties do not exist during earlier event topics. Some custom properties change
between event topics.

6. Slide the Condition slider to the right and enter event.data.componentId == 'ABX-VM' in the
Condition text box.

7. Click +ADD in Action/workflow, select Dump-the-Payload, and click SELECT.

8. Leave the Blocking slider to the left (off).

As no changes occur, you do not need to delay the deployment process by blocking other
events until the deployment is complete.

9. Verify that your Subscription is configured correctly and click SAVE.

10. Click DISABLE on the Tag-VM-From-YAML subscription.

Task 3: Test Your Action By Deploying the Blueprint
You verify that the new action and the new subscription work by deploying the blueprint.

1. Select the Centos-ABX-Tag blueprint and start a deployment with these parameters.

Option                 Action
Deployment Name        Enter Dump-Test in the text box.
Blueprint Version      Select Current Draft.
Enter your hostname    Enter Centos-ABX in the text box.

2. Click the + icon under Enter your user tags.

3. Enter vRA1 in the Key text box.

4. Enter DumpTest in the Value text box.

5. Click APPLY.

6. Click DEPLOY.

7. Click History and monitor the deployment.

8. When the deployment is complete, click CLOSE.

9. Go to Extensibility > Action Runs.

10. Click Dump-the-Payload to open the action run.

11. Click the Log tab and view the output.

This detailed log is useful in troubleshooting action problems.

12. Click the Deployments tab.

Task 4: Delete the Deployment to Save the Lab Resources


You delete your deployment to save the lab resources.

1. Verify that you are in Cloud Assembly on the Deployments tab.

2. Delete the Dump-Test deployment.

Lab 18 Combining ABX Actions to an ABX Flow

Objective and Tasks


Combine ABX actions to an action flow:

1. Create an Action Flow

2. Add a Conditional Statement to Your Action Flow

3. Modify the First Action Script to Output Custom Properties

4. Create a Subscription

5. Modify an Existing Blueprint

6. Test Your Action by Deploying the Blueprint

7. Verify Your Deployments and Actions

8. Delete the Deployment to Save the Lab Resources

Task 1: Create an Action Flow
You create an action flow that combines multiple action scripts.

1. (Optional) Log in to the vSphere Client and log in to Cloud Assembly.

Use this step only if you do not already have two browser tabs open that are logged in to the
vSphere Client and Cloud Assembly.

a. Start Chrome and open a new tab for vRealize Orchestrator.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.
f. Click Cloud Assembly.

g. Open a new tab in the Chrome browser.

h. Use the shortcut to go to Infrastructure > vSphere Client.

i. Log in with the administrator@vsphere.local user account and the VMware1! password.

2. Click the Cloud Assembly tab.

3. Go to Extensibility > Actions.

4. Click + NEW ACTION.

5. Enter Rename-VM-and-Tag-VM-Flow in the Name text box.

6. Enter A combination of the rename VM and tag VM action scripts in the Description text box.

7. Select VMW-ENG from the Project drop-down menu and click NEXT.

8. Click the SCRIPT drop-down menu and select FLOW.

The script changes to an action-flow.

9. Click the pointer after action_placeholder.

10. Press backspace repeatedly next to action:.

11. Press the spacebar.

A list of the actions already defined appears.

12. Click Rename-vSphere-VM-on-Deployment.

13. Use the same method to replace the second action_placeholder with the
Tag-vSphere-VM-With-Tags-Object action script.

14. Use the same method to replace error_handler_placeholder with Dump-the-Payload.

15. Click SAVE.

16. Verify that the action-flow graphic is correct.

Each block in the diagram shows the label, the name of the action called, and the icon to
indicate the type of action (Script, REST, and so on).

For example, action1 is the first box. The label called in the action-flow script is
action1. The action calls the Rename-vSphere-VM-On-Deployment ABX action
(only part of the name is visible). The icon is a document scroll, which is the icon for a
script.

17. Click the eye icon in action1 to open the Rename-vSphere-VM-on-Deployment action.

The script within the action appears. You can click EDIT ACTION to directly edit this action.

18. Click CLOSE.

Task 2: Add a Conditional Statement to Your Action Flow
You modify your action flow with a conditional statement.

1. Click the pointer after next: action2.

2. Press Backspace repeatedly to delete action2.

3. Enter switchaction so that your line of code is next: switchaction.


4. Press Enter to enter a new code between action1 and action2.

5. Enter the following code after the action: Rename-vSphere-VM-on-Deployment code in your
action flow code.

        next: switchaction
      switchaction:
        switch:
          ${tagControl == "TagVM"}: action2
          ${tagControl != "TagVM"}: action3

The { } in the conditional statements in the switch are curly brackets and not parentheses. If
you use parentheses instead of curly brackets, you trigger the error action. An error message
appears in the Details tab of that action run that indicates a condition expression
returns non-Boolean: failed state.

The ${tagControl == "TagVM"}: action2 code sends the action flow to the
action2 code block if the tagControl variable is equal to the TagVM string.

The ${tagControl != "TagVM"}: action3 code sends the action flow to the
action3 code block if the tagControl variable is not equal to the TagVM string.

The tagControl variable is not defined. You must define it in the
Rename-vSphere-VM-on-Deployment action.

6. Verify that your current action flow code appears similar to the screenshot.

The code graph in the right pane has changed. A new switch symbol with a single branch
appears.

7. Enter the following code after the action: Tag-vSphere-VM-with-Tags-Object code in your
action flow.

        next: action3
      action3:
        action: Dump-the-Payload
        next: flow_end

8. Verify that your program code is correct.

9. Verify that the graph in the right pane matches the screenshot.

10. Click SAVE and click CLOSE.

Task 3: Modify the First Action Script to Output Custom Properties
You modify the Rename-vSphere-VM-on-Deployment action script to output custom properties
for use in the action flow switch.

1. Click OPEN on the Rename-vSphere-VM-on-Deployment action catalog card.

2. Add the following code to the Rename-vSphere-VM-on-Deployment action script after the
outputs["resourceNames"] = inputs["resourceNames"] line.

    outputs["customProperties"] = inputs["customProperties"]

This line loads the customProperties output object with the current customProperties object
from the payload.

3. Add the following code to the Rename-vSphere-VM-on-Deployment action script after the
newName = inputs["customProperties"]["newHostName"] line.

    tagControl = inputs["customProperties"]["tagControl"]

This line creates the local tagControl variable from the tagControl custom property in the
YAML blueprint.

4. Add the code to the Rename-vSphere-VM-on-Deployment action script after the
outputs["resourceNames"][0] = newName line.

    outputs["tagControl"] = tagControl

This step generates the tagControl variable for the action-flow to use. Actions can use
any variable output by a previous action.

5. Verify that your action script code is correct.

6. Click SAVE and click CLOSE.

Task 4: Create a Subscription
You create a subscription that calls the action.

1. Go to Extensibility > Subscriptions.

2. Click + New Subscription.

3. Enter Rename-Tag-Flow in the Name text box.


4. Enter Use an action flow to rename and tag a vSphere VM in the
Description text box.

5. Click +ADD in Event Topic, select Compute allocation and click SELECT.

6. Slide the Condition slider to the right and enter event.data.componentId == 'ABX-VM' in the
Condition text box.

7. Click +ADD in Action/workflow, select Rename-VM-and-Tag-VM-Flow and click SELECT.

8. Slide the Blocking slider to the right and enter 6 in the Timeout text box.

A 6 minute timeout is set.

9. Verify that your Subscription is configured correctly and click SAVE.

10. Click DISABLE on the Tag-VM-From-YAML subscription.

This step prevents two subscriptions from trying to run the same action script on the same
deployed system.

You can run multiple subscriptions on a single deployment. However, too many subscriptions
can slow down your deployment significantly.

If you must run multiple subscriptions on a deployment, verify that they do not conflict with
each other. You can prevent the conflict by using different ABX actions with different
subscriptions, or by calling the same action from different event topics.

The priority setting on subscriptions can also be used to prevent any conflict. You must set
your subscriptions to different priorities and verify that they are blocking subscriptions.

Task 5: Modify an Existing Blueprint
You modify an existing blueprint to use with the ABX action.

1. Go to Design > Blueprints.

2. Select the Centos-ABX-Tag blueprint and click CLONE.

3. Clone the blueprint.

Option                                 Action
Name                                   Enter Centos-ABX-FLOW in the text box.
Description                            Enter Centos blueprint for testing ABX-FLOWs in the text box.
Project                                Select VMW-ENG.
Blueprint sharing in Service Broker    Select Share only with this project.
Version                                Current Draft.

4. Click the Centos-ABX-Flow blueprint to open it.

5. Add the following code to the inputs section of the YAML code under the UserTags
block.

    tagInput:
      type: string
      enum:
        - TagVM
        - NoTag
      title: Tag VM?

6. Add the code to the properties section of ABX-VM.

    tagControl: '${input.tagInput}'

7. Verify your blueprint YAML code.

The tagControl custom property is used to control the switch in the action flow you
created.

8. Click CLOSE.

Task 6: Test Your Action by Deploying the Blueprint
You verify that the new action and the new subscription work by deploying the blueprint.

1. Select the Centos-ABX-FLOW blueprint and start a deployment with the parameters.

Option                 Action
Deployment Name        Enter Flow-Test in the text box.
Blueprint Version      Select Current Draft.
Enter your hostname    Enter Centos-ABX in the text box.
Tags: first key        Enter vRA2 in the text box.
Tags: first value      Enter ABX2 in the text box.
Tags: second key       Enter vSphere in the text box.
Tags: second value     Enter Flow-Test in the text box.

2. Click TagVM from the Tag VM? drop-down menu.

3. Verify that your Deployment inputs are correct.

Using a value of TagVM for this custom property causes the action-flow switch to take the
path that tags the VM, after the VM is renamed.

4. Click DEPLOY.

5. Click CLOSE.

6. Go to Design > Blueprints.

7. Deploy the Centos-ABX-FLOW blueprint a second time with these parameters.

Option                 Action
Deployment Name        Enter Flow-Test2 in the text box.
Blueprint Version      Current Draft
Enter your hostname    Enter Centos-ABX2 in the text box.
Tags: first key        Enter NoKey1 in the text box.
Tags: first value      Enter NoVal1 in the text box.

Verify that you changed the default host name from Centos-ABX to Centos-ABX2.

8. Click NoTag from the Tag VM? drop-down menu.

Using a value of NoTag for this custom property causes the action-flow switch to skip the
path that tags the VM, after the VM is renamed. The VM is renamed. No tags are applied.

9. Click DEPLOY and click CLOSE.

10. Wait for the deployments to complete.

Task 7: Verify Your Deployments and Actions
You verify that the new action and the new subscription work by deploying the blueprint.

1. Go to Extensibility > Action Runs.

2. Verify that you have recent action runs.

For the Flow-Test deployment, the following action runs appear:

• Rename-VM-and-Tag-VM-Flow

The run has the flow icon.

The action-flow is called by the subscription.

• Rename-vSphere-VM-on-Deployment

The action run has the Python script icon.

The action is called by the Rename-VM-and-Tag-VM-Flow action flow.

• Tag-vSphere-VM-with-Tags-Object

The action run has the NodeJS script icon.

The action is called by the Rename-VM-and-Tag-VM-Flow action flow.

• Dump-the-Payload

The action run has the NodeJS script icon.

The action is called by the Rename-VM-and-Tag-VM-Flow action flow.

For the Flow-Test2 deployment, the following action runs appear:

• Rename-VM-and-Tag-VM-Flow

The run has the flow icon.

The action-flow is called by the subscription.

• Rename-vSphere-VM-on-Deployment

The action run has the Python script icon.

The action is called by the Rename-VM-and-Tag-VM-Flow action flow.

• Dump-the-Payload

The action run has the NodeJS script icon.

The action is called by the Rename-VM-and-Tag-VM-Flow action flow.

3. Click the first (lower) Rename-VM-and-Tag-VM-Flow action to open the earliest action flow
run that is associated with the Flow-Test deployment.

The center pane shows the graph of the action flow.

4. Click the Source tag to see the source code of the action flow.

5. Verify that the right pane shows your timeline of the called actions.

Each action must appear with the Completed status.

6. Click Details and verify that the original tags are empty and the new Outputs tags are
vRA2: ABX2 and vSphere : Flow-Test.

7. Click the vSphere Client tab to go to the vSphere Client.

8. Click the Centos-ABX VM in Lab-VMs and verify that the correct tags are assigned to the
VM deployed in Lab-VMs.

9. Click the Centos-ABX2 VM in Lab-VMs and verify that no tags are assigned to the VM
deployed in Lab-VMs.

10. Click the Cloud Assembly tab to go to the Cloud Assembly.

Task 8: Delete the Deployment to Save the Lab Resources


You delete your deployments to save the lab resources.

1. Verify that you are in Cloud Assembly on the Deployments tab.

2. Delete the Flow-Test and Flow-Test2 deployments.

Lab 19 Troubleshooting an ABX Flow

Objective and Tasks


Import broken ABX actions, an action flow, and troubleshoot problems:

1. Import Several Actions

2. Create a Subscription

3. Test Your Action by Deploying the Blueprint

4. Troubleshoot the Problems in Your Actions

5. Correct the Code in Bad-Rename-vSphere-VM

6. Test Your Corrected Action by Deploying the Blueprint

7. Verify Your Deployments and Actions

8. Delete the Deployments to Save the Lab Resources

Task 1: Import Several Actions
You import several actions to create a broken action flow.

1. (Optional) Log in to the vSphere Client and log in to Cloud Assembly.

Use this step only if you do not already have two browser tabs open that are logged in to the
vSphere Client and Cloud Assembly.

a. Start Chrome and open a new tab for vRealize Orchestrator.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.
f. Click Cloud Assembly.

g. Open a new tab in the Chrome browser.

h. Use the shortcut to go to Infrastructure > vSphere Client.

i. Log in with the administrator@vsphere.local user account and the VMware1! password.

2. Click the Cloud Assembly tab.

3. Go to Extensibility > Actions.

4. Click + IMPORT.

5. Click SELECT FILE.

6. Select the C:\Materials\ABX\Bad-Action-Flow.zip compressed file and click Open.

7. Verify that VMW-ENG is selected in the Project drop-down menu.

If some other project is selected, delete it and select VMW-ENG.

8. Click IMPORT.

9. (Optional) If you see a conflict indicating that the Dump-the-Payload Action already exists,
select Skip conflicting actions.

10. Click IMPORT to import the Action-Flow and all components.

Task 2: Create a Subscription
You create a subscription that calls the action.

1. Go to Extensibility > Subscriptions.

2. Click + New Subscription.

3. Enter Bad-Rename-Tag-Flow in the Name text box.


4. Enter Use an action flow to rename and tag a vSphere VM in the
Description text box.

5. Click +ADD in Event Topic, select Compute allocation and click SELECT.

6. Slide the Condition slider to the right and enter event.data.componentId == 'ABX-VM' in the
Condition text box.

7. Click +ADD in Action/workflow, select Bad-Flow and click SELECT.

8. Slide the Blocking slider to the right and enter 6 in the Timeout text box.

A 6 minute timeout is set.

9. Verify that your Subscription is configured correctly and click SAVE.

10. Click DISABLE on all other subscriptions.

This step prevents two subscriptions from trying to run the same action script on the same
deployed system.

You can run multiple subscriptions on a single deployment. However, too many subscriptions
can slow down your deployment significantly.

If you must run multiple subscriptions on a deployment, verify that they do not conflict with
each other. You can prevent the conflict by using different ABX actions with different
subscriptions, or by calling the same action from different event topics.

The priority setting on subscriptions can also be used to prevent any conflict. You must set
your subscriptions to different priorities and verify that they are blocking subscriptions.

Task 3: Test Your Action by Deploying the Blueprint
You verify that the new action and the new subscription work by deploying the blueprint.

1. Go to Design > Blueprints.

2. Upload the Centos-Flow-Troubleshoot blueprint into the VMW-ENG Project from
C:\Materials\Blueprints\Centos-Flow-Troubleshoot.yaml.

3. Select the Centos-Flow-Troubleshoot blueprint and start a deployment with these
parameters.

Option                 Action
Deployment Name        Enter Trouble-Shooting.
Blueprint Version      Select Current Draft.
Enter your hostname    Enter Centos-Trouble in the text box.
Tags: first key        Enter vRA3 in the text box.
Tags: first value      Enter ABX3 in the text box.

4. Click TagVM from the Tag VM? drop-down menu.

5. Click DEPLOY.

6. Click History.

7. Wait for your deployment to show any errors.

Task 4: Troubleshoot the Problems in Your Actions
You troubleshoot the problems in your actions.

1. View the error message in the deployment history.

The following error message appears.

    Extensibility triggered task failure: Extensibility error
    received for topic compute.allocation.pre, eventId = 'd359d575-31be-3412-badf-d909f60ea35e':
    [10040] Service with ID: abx-Ptv56bQkcAAY1D8E, RunnableID: 8a7480be726d6566017285df6c360258
    and SubscriptionID: sub_1591239297232 failed with the following
    error: Cannot find property tagControl

The error message indicates a problem in the main action-flow that stops the flow.

Q1. What is missing?

A1. A variable named tagControl.

2. Go to Extensibility > Action Runs.

3. Verify that new action runs appear.

• Bad-Flow started first. But it failed at some point.

• Bad-Rename-vSphere-VM appears to have completed without errors.

• Bad-Report-Errors is the error control procedure. It is called by the action flow when a
problem occurs.

The Bad-Report-Errors action is started by the API and not by an Event. The action flow
triggers the action when the error occurs.

4. Click Bad-Flow to view the Bad-Flow action run.

Observe that the first action, Bad-Rename-vSphere, appears with the Completed status. This
action runs without errors.

Observe that the next action run after the Bad-Rename-vSphere-VM action completed is the
Bad-Report-Errors action. This action runs only when an error occurs. Because the first action
completed without an error and the error occurred immediately afterward, the main
action flow logic might have caused the error.

5. Click Source and then click the Details tab to look at the source code of the main
action-flow.

The Cannot find property tagControl error appears. The tagControl variable is used in the
switch code.

Q2. Where is the tagControl variable defined?

A2. The tagControl variable must be defined before you use it in a switch. You can hard-code it
to the action-flow code. The most useful place to define the variable is in the previous action
(Bad-Rename-vSphere-VM) and to base it off of the tagControl YAML custom property. The
tagControl custom property is loaded from the tagInput variable.

Task 5: Correct the Code in Bad-Rename-vSphere-VM
You correct the code in Bad-Rename-vSphere-VM.

1. Go to Extensibility > Actions.

2. Click OPEN on the Bad-Rename-vSphere-VM catalog card.

3. View the program code.

Q1. Is the tagControl variable defined, based on the tagControl custom property?
A1. Yes. The tagControl = inputs.customProperties.tagControl; statement exists.

Q2. Is the tagControl variable passed as an output to the main action flow?
A2. No. The new VM name is passed as an output in outputs.resourceNames[0] = newName; but no
output line for tagControl exists.

4. Correct your program code by adding the correct output.

To view the correct code, see the code in the
C:\Materials\ABX\Answers\Bad-Rename-vSphere-VM-Fixed.txt file. Two outputs.xxxx = xxxx; code
lines appear at the end of the action. The missing line is outputs.tagControl = tagControl;

5. Click SAVE after you have corrected your Bad-Rename-vSphere-VM Action code.

6. Click CLOSE.
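
The failure in this lab, a switch that references a variable the preceding action never outputs, can be caught before a deployment by comparing the variables in the switch conditions with what the action returns for a sample payload. The check below is an added example, not part of the lab materials: the flow text is abridged from Lab 18, the two handlers are simplified Python stand-ins for the rename action, and the helper names and sample payload are assumptions. It models only what the lab states, that the switch reads variables output by the previous action.

```python
import copy
import re

# Abridged action-flow text, indentation reconstructed from the Lab 18 steps.
FLOW_TEXT = """\
  action1:
    action: Rename-vSphere-VM-on-Deployment
    next: switchaction
  switchaction:
    switch:
      ${tagControl == "TagVM"}: action2
      ${tagControl != "TagVM"}: action3
  action2:
    action: Tag-vSphere-VM-with-Tags-Object
    next: action3
  action3:
    action: Dump-the-Payload
    next: flow_end
"""

# Matches one switch branch of the form  ${name == "literal"}: target
CONDITION = re.compile(
    r'^[ \t]*\$\{\s*(\w+)\s*(==|!=)\s*"([^"]*)"\s*\}\s*:\s*(\w+)[ \t]*$',
    re.MULTILINE,
)


def parse_switch(flow_text):
    """Return [(variable, operator, literal, target_step), ...] in file order."""
    return [m.groups() for m in CONDITION.finditer(flow_text)]


def rename_broken(context, inputs):
    """Stand-in for the broken action: tagControl is read but never output."""
    outputs = {}
    outputs["resourceNames"] = inputs["resourceNames"]
    new_name = inputs["customProperties"]["newHostName"]
    tag_control = inputs["customProperties"]["tagControl"]  # local only
    outputs["resourceNames"][0] = new_name
    return outputs


def rename_fixed(context, inputs):
    """Stand-in for the corrected action: same logic plus the missing output."""
    outputs = rename_broken(context, inputs)
    outputs["customProperties"] = inputs["customProperties"]
    outputs["tagControl"] = inputs["customProperties"]["tagControl"]
    return outputs


def missing_outputs(handler, sample_inputs, flow_text):
    """Switch variables that the handler does not output for this payload."""
    outputs = handler(None, copy.deepcopy(sample_inputs)) or {}
    needed = {variable for variable, _, _, _ in parse_switch(flow_text)}
    return sorted(needed - set(outputs))


def next_step(handler, sample_inputs, flow_text):
    """Step the switch would select, or LookupError if a variable is absent."""
    outputs = handler(None, copy.deepcopy(sample_inputs)) or {}
    for variable, operator, literal, target in parse_switch(flow_text):
        if variable not in outputs:
            raise LookupError(f"Cannot find property {variable}")
        if (outputs[variable] == literal) == (operator == "=="):
            return target
    return None


# Constructed sample payload using the property names from the lab.
SAMPLE_INPUTS = {
    "resourceNames": ["ABX-VM-000123"],
    "customProperties": {"newHostName": "Centos-Trouble", "tagControl": "TagVM"},
}

if __name__ == "__main__":
    for handler in (rename_broken, rename_fixed):
        print(handler.__name__, "missing:", missing_outputs(handler, SAMPLE_INPUTS, FLOW_TEXT))
```
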

Task 6: Test Your Corrected Action by Deploying the Blueprint
You verify that the new action and the new subscription work by deploying the blueprint.

1. Go to Design > Blueprints.

2. Select the Centos-Flow-Troubleshoot blueprint and start a deployment with these
parameters.

Option                 Action
Deployment Name        Enter Trouble-Shooting3 in the text box.
Blueprint Version      Select Current Draft.
Enter your hostname    Enter Centos-Trouble3 in the text box.
Tags: first key        Enter vRA5 in the text box.
Tags: first value      Enter ABX5 in the text box.

3. Click TagVM from the Tag VM? drop-down menu.

4. Click DEPLOY.

5. Wait for the deployments to complete.

Task 7: Verify Your Deployments and Actions
You verify that the new action and the new subscription work by deploying the blueprint.

1. Go to Extensibility > Action Runs.

2. Verify that you have recent action runs:

For the Trouble-Shooting3 deployment, the following action runs appear:

• Bad-Flow

The run has the flow icon.

The action-flow is called by the subscription.

• Bad-Rename-vSphere-VM

The action run has the Python script icon.

The action is called by the Bad-Flow action flow.

• Bad-Tag-VMs-with-Tags-Object

The action run has the NodeJS script icon.

The action is called by the Bad-Flow action flow.

• Dump-the-Payload.

This action run has the NodeJS script icon.

The action is called by the Bad-Flow action flow.

3. Click the first (lower) Bad-Flow action to open the earliest action flow run that is associated
with your Trouble-Shooting3 deployment.

4. Verify that the right pane shows your timeline of the called actions.

Each action must have the Completed status.

5. Click Details and verify that the original tags are empty and the new Outputs tags are
vRA5 and ABX5.

6. Scroll down further and verify that Centos-Trouble3 is Resource-Names.

7. Click the vSphere Client tab to go to the vSphere Client.

8. Click the Centos-Trouble3 VM in Lab-VMs and verify that the VM deployed in Lab-VMs has
the correct tags assigned.

9. Click the Cloud Assembly tab to go to the Cloud Assembly.

Task 8: Delete the Deployments to Save the Lab Resources
You delete all your deployments to save the lab resources.

1. Verify that you are in Cloud Assembly on the Deployments tab.

2. Delete all deployments.

Lab 20 Build a Deployment in Kubernetes

Objective and Tasks


Deploy a simple container:

1. Build a Simple Container

2. Expose the Container to the Cluster IP

3. Create a Single Deployment

4. Deploy the Pod and Service

Task 1: Build a Simple Container
You log in to the Kubernetes primary node to find the templates folder and deploy a basic
Kubernetes container.

1. Open the MTPuTTY window from the student desktop.

2. Double-click the SA-K8S-Master node.

3. Enter kubectl version.

The current version of Kubernetes is installed. You can see the available commands or API
versions. The API versions correlate to the available API versions in the YAML code.

4. Enter kubectl get nodes.

The primary node and one worker node appear.

5. Enter kubectl proxy.

The proxy server is operational. The proxy service starts in a few minutes.

You can double-click the k8s-master server to open another tab and continue with the
second tab in the MTPuTTY window.

6. Enter kubectl get namespaces.

7. Enter kubectl get pods -A.

-A indicates the flag for all namespaces.

8. Enter kubectl create namespace lab-demo.

9. Enter cd /etc/kubernetes/templates.

The Kubernetes working directory is /etc/kubernetes. A folder for templates exists.

10. Enter kubectl create -f kuard-pod.yaml -n lab-demo.

A pod is created from the YAML code in the file. This command runs the create command
against the kuard-pod.yaml file, which defines a Linux system running a demo
application called Kubernetes up and running demo.

11. Enter cat kuard-pod.yaml.

12. Verify the container name and container port in the YAML file.

The port is available externally. You must know the pod name and port.

13. Enter kubectl describe pod kuard -n lab-demo.


The detailed breakdown of the kuard pod appears in the lab-demo namespace.

Task 2: Expose the Container to the Cluster IP
You add a port service to the container to expose the web port to the cluster.

1. Enter cat kuard-service.yaml.

The service file to create an external connection to the 8080 port is created. The label is set
for kuard. So, this service attaches itself to any system that has the name kuard in the pod.

2. Enter kubectl create -f kuard-service.yaml -n lab-demo.

3. Enter kubectl get services -A.

The available networking services in all namespaces appear. The kuard service, with port
8080 and a cluster IP, appears.

4. Delete the service and pod to combine to a single deployment in the next task.

a. Enter kubectl delete service kuard-service -n lab-demo.

b. Enter kubectl delete pod kuard -n lab-demo.

Task 3: Create a Single Deployment
You combine the two files to a single file. You can join multiple machines, services, and resources
to a single deployment for practical applications.

1. Enter cat php-pod.yaml.

2. Copy the entire content of php-pod.yaml file.


3. Open Notepad++ and paste the text to a blank document.

4. Press Enter, enter three minus signs, and press Enter again to separate the first file from the
second.

5. Return to the MTPuTTY window and enter cat php-service.yaml.

6. Copy the entire content of php-service.yaml file.

7. Paste the text into the Notepad++ file under the ---.

The following results appear.

8. Select all text to copy from the Notepad++ file.

9. Enter nano php-deployment.yaml in the MTPuTTY screen.

10. Right-click to paste the contents to the new YAML file.

11. Press Ctrl + X to save.

12. Enter Y to save.

Task 4: Deploy the Pod and Service
You deploy and verify the configuration.

1. Enter kubectl create -f php-deployment.yaml -n lab-demo.

2. Enter kubectl get pods -A.

The php-apache pod is created in the lab-demo namespace.


3. Enter kubectl get services -A.

The php-apache service is created in the lab-demo namespace.

4. Enter kubectl describe pod php-apache -n lab-demo.

The pod details, including the ports in use, appear.

5. Delete the deployment and service.

a. Enter kubectl delete deployment php-apache -n lab-demo.

b. Enter kubectl delete service php-apache -n lab-demo.

You can leave the MTPuTTY window open for the next lab.

Lab 21 Deploying a Load Balanced Deployment in Kubernetes

Objective and Tasks


Change a container to a replica set with the load balancer:

1. Deploy a Replica Set of Multiple Pods

2. Deploy and Verify the Replica Set

Task 1: Create a Replica Set of Multiple Pods
You deploy a multimachine replica set to a Kubernetes cluster.

1. Open the MTPuTTY window on the student desktop taskbar.

2. Double-click the SA-K8S-Master node.

3. Enter cd /etc/kubernetes/templates.
4. Enter nano apache-deployment.yaml to open a text file and enter data.

5. Create a replica set, which is a scaling deployment of multiple machines.

Setting               Value
apiVersion            apps/v1
kind                  Deployment
name                  apache
run                   apache
replicas              1
run                   apache
containers: - name    apache
image                 k8s.gcr.io/php-apache


    apiVersion: apps/v1    # default api set for most projects.
    kind: Deployment       # Sets resource type
    metadata:
      name: apache         # Sets deployment name
    spec:
      selector:            # establishes information for load balancers in the deployment.
        matchLabels:
          run: apache      # Label to select resources in tasks
      replicas: 1          # Creates replica sets
      template:            # Starts the resource in the replica set.
        metadata:
          labels:
            run: apache
        spec:
          containers:      # this starts the definition of the replica set
            - name: apache
              image: k8s.gcr.io/php-apache    # sets the image to be replicated
              ports:
                - containerPort: 80

6. Create a load balancer after the replica set to create an inbuilt load balancer and hit any
nodes in the replica set.

Values are case-sensitive.

Setting                    Value
blank under replica set    --- # to delineate two files in one.
apiVersion                 v1
kind                       Service
name                       apache
namespace                  lab-demo
port                       80
targetPort                 80
type                       LoadBalancer

    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: apache
      namespace: lab-demo
    spec:
      selector:
        run: apache    # Must match the pod label (run: apache) set in the Deployment template.
      ports:
        - port: 80
          targetPort: 80
      type: LoadBalancer

7. Press Ctrl+X to exit the nano application.

8. Enter Y to close and save the YAML file.

Task 2: Deploy and Verify the Replica Set
You deploy and verify the services in the Apache replica set.

1. Enter kubectl create -f apache-deployment.yaml to deploy the created file.

2. Enter kubectl describe service apache -n lab-demo.

To swap namespaces permanently, use the kubectl config set-context --current
--namespace=lab-demo command. This command sets lab-demo as the default namespace for all
future commands. To simplify the kubectl command, use a Linux alias to shorten kubectl.

3. Enter kubectl describe deployment apache -n lab-demo.

A set of deployments might appear. One set of deployment must be ready.

4. Enter nano apache-deployment.yaml.

You must not use virtual machine snapshots as a virtual machine backup strategy.

5. Modify the replica sets from 1 to 3.

6. Press Ctrl+X to exit and Y to save.

7. Enter kubectl apply -f apache-deployment.yaml -n lab-demo.

A message that you must use apply only on created resources appears.

8. Enter kubectl get deployments.

The number of replicas that appear are one-third or more depending on the speed.

9. Enter kubectl delete deployment apache -n lab-demo.

10. Enter kubectl delete service apache -n lab-demo.

Lab 22 Using vRealize Automation Code Stream to Deploy a Basic Container

Objective and Tasks


You create a base container and service pipeline to deploy Kubernetes:

1. Create a Kubernetes Namespace

2. Set Up the Pipeline

3. Set Up Parameters for the Pod

4. Set Up Parameters for the Network Service

5. Deploy the Container

6. Verify Your Container Creation

Task 1: Create a Kubernetes Namespace
Your pipeline creates a container in Kubernetes. The Kubernetes namespace must already exist
before the pipeline runs.

1. Start your MTPuTTY utility to connect to SA-K8S-Master.

2. Double-click the SA-K8S-Master shortcut to start an SSH session with SA-K8S-Master.

The MTPuTTY utility automatically logs you in as root.

3. Enter the command kubectl get namespaces.

4. Verify that the lab-demo namespace is present.

5. If the lab-demo namespace does not exist, enter kubectl create namespace lab-demo.

Task 2: Set Up the Pipeline
You create the pipeline and set up a stage.

1. Log in to Cloud Assembly and start vRealize Automation Code Stream.

a. Start Chrome.

If Chrome is already running but a tab logged into vRealize Automation Code Stream is
not open, open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.
f. Click Code Stream.

2. Click Continue on the bottom of the Code stream Guided Setup Diagram if it appears.

3. Click Endpoints on the navigation bar on the left.

4. Click OPEN on the SA-K8S-Master Kubernetes endpoint catalog card.

NOTE

Observe that the configuration already has a security token assigned to the Kubernetes
configuration. If you want information on the RBAC configuration, the configuration yaml files
are contained in /etc/kubernetes/rbac/ in the sa-k8s-master node. You can access the files
and use kubectl describe secrets to access the security token for the admin
account created from the files.

5. Click CANCEL.

6. Click Pipelines in the left pane.

7. Click the + New Pipeline option from the top of the screen.

8. Select Blank Canvas from the drop-down menu.

9. Enter Kubernetes Pod in the Name text box.

10. Enter This is a base container with a network service to connect port 80 to a web server in the Description text box.

11. Select VMW-ENG as the Project from the drop-down menu.

12. Click CREATE to open the pipeline.

13. Click the +Stage box to create a base stage.

This pipeline has only one stage.

14. Enter Container Build in the Stage name text box in the right pane.

This value replaces the Stage0 name.

15. Click + Sequential Task in the Container Build stage to add the first element to the stage.

16. Enter Build Kuard in the Task name text box.


17. Select Kubernetes from the Type drop-down menu.

NOTE

The additional options change depending on the type selected.

18. Select SA-K8s-Master from the Kubernetes cluster drop-down menu.

19. Click Create in the Action.

This is the same command set as kubectl create.

20. Click Local definition in the Source Type.

21. Click READ FROM FILE.

22. Navigate to C:\Materials\Blueprints\, select pod-template.yaml, and click Open.

NOTE

This template is a skeleton file. The YAML formatting is intact to simplify the build.

Task 3: Set Up Parameters for the Pod
You fill out the template and set up inputs to customize the deployment.

1. Click the Input tab above the Container Build stage in the left pane.

2. Click ADD.

3. Enter Name in the Name text box.


4. Leave Value and Description blank and click OK.

5. Click ADD again.

6. Enter Namespace in the Name text box.

7. Enter lab-demo in the Value text box.

8. Click OK.

9. Verify that your Inputs are correct:

10. Click SAVE.

11. Click the Model tab to enter the graphical pipeline view.

The screen reopens to the last object selected, so you should not have to select the Build Kuard task.
12. Use the following screenshot to guide you on the changes needed inside the local YAML file.

This file is the final version of the YAML.

13. Enter v1 to the right of apiVersion:

14. In the YAML definition text box, enter Pod to the right of kind:.

15. In the YAML definition text box, enter ${input.Name} to the right of name: under
metadata:.

This property allows the user to enter the input Name into the name of the container.

16. In the YAML definition text box, enter ${input.Namespace} to the right of
namespace:.

17. In the YAML definition text box, enter kuard to the right of app:.

18. In the YAML definition text box, enter gcr.io/kuar-demo/kuard-amd64:1 to the right of -image:.

19. In the YAML definition text box, enter ${input.Name} to the right of name: under spec:.

20. Verify your YAML code:

Task 4: Set Up Parameters for the Network Service
You fill the service-template.yaml and set up inputs to customize the deployment.

1. Click the + Sequential Task in the Container Build stage in the left pane.

2. Enter Expose 8080 in the Task name text box in the right pane.

3. Select Kubernetes from the Type drop-down menu.

4. Select SA-K8S-Master from the Kubernetes cluster drop-down menu.

5. Click Create as the Action.

6. Click Local Definition for Source type.

7. Click READ FROM FILE and navigate to C:\Materials\Blueprints\.

8. Select the file service-template.yaml and click Open.

9. Use the following screenshot to guide you on the changes needed inside the Local YAML
file.
This is the final version of the YAML.

10. Enter v1 to the right of apiVersion:

11. Enter Service to the right of kind:.

12. In the YAML definition text box, enter ${input.Name} to the right of name: under
metadata:.

13. In the YAML definition text box, enter ${input.Namespace} to the right of
namespace:.

14. Enter run: kuard to replace app:.

15. Enter 8080 to the right of - port:.

16. Enter kuard to the right of app:.

This selects any containers with a label of kuard and opens port 8080 in the container.

17. Verify your Local YAML definition code:

Task 5: Deploy the Container
You deploy the pipeline to create the container.

1. In the top-right corner, click VALIDATE TASK.

A green bar appears across the top. If any errors occur, follow the instructions to resolve them. The properties are case-sensitive.

2. Click SAVE on the bottom of the screen.

3. Click CLOSE.

NOTE

Be careful with the close button. If you do not save before closing, the screen reverts all
changes to their previous version.

4. Select Enable from the ACTIONS drop-down menu on the Kubernetes Pod catalog card.

5. Click RUN.

6. Enter mykuard in the Name text box.

IMPORTANT

It is critical that the name is all in lowercase. The vRealize Automation Code Stream
execution fails if it is not.

Keep spaces, special characters, and capital letters out of container names because
commands are based on CLI and spaces delineate new objects.

7. Click RUN.

8. Click Executions to see the container run in action. The build should complete quickly, in about 1 minute.

9. You should see the execution run, and then end with a COMPLETED status.

Task 6: Verify Your Container Creation
You verify the creation of a container in Kubernetes.

1. Return to your MTPuTTY session on SA-K8S-Master.

2. Enter kubectl get pods --namespace lab-demo.

Lab 23 Using vRealize Automation Code Stream to Build a Replica Set Container with a Load Balancer

Objective and Tasks


You create a pipeline to deploy Kubernetes pods with replica sets and a load balancer:

1. Create a Kubernetes Namespace

2. Set Up the Pipeline

3. Set Up Parameters for the Pod

4. Configure the Build Namespace Task

5. Configure the Build Namespace Local YAML File

6. Build the Build Replica Set Stage

7. Build the Build Replica Set Task

8. Build the Build Services Stage

9. Configure the Expose 80 Task

10. Create the Update Load Balancer Task

11. Validate Your Pipeline

12. Deploy the Container

13. Verify Your Container Creation with One Pod

14. Deploy the Container with Two Pods


15. Verify Your Container Creation With Two Pods

Task 1: Create a Kubernetes Namespace
Your pipeline creates a container in Kubernetes. The Kubernetes namespace that it uses must already exist before the pipeline runs.

1. Start your MTPuTTY utility to connect to SA-K8S-Master.

2. Double-click the SA-K8S-Master shortcut to start an SSH session with SA-K8S-Master.

The MTPuTTY utility will automatically log you in as root.

3. Enter the command kubectl get namespaces.

4. Verify that the web namespace is present.

5. If the web namespace does not exist, enter kubectl create namespace web.

Task 2: Set Up the Pipeline
You create the pipeline and set up a stage.

1. Log in to Cloud Assembly and start vRealize Automation Code Stream.

a. Start Chrome.

If Chrome is already running but a tab logged into Orchestrator is not open, open a new
tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.
f. Click Code Stream.

2. Click Continue on the bottom of the Code stream Guided Setup Diagram if it appears.

3. Click Pipelines in the left pane.

4. Click the + New Pipeline option from the top of the screen.

5. Select Blank Canvas from the drop-down menu.

6. Enter Replica-Set-with-Network-Service in the Name text box.

7. Enter This is a replica set with a network service to connect port 80 to a web node in the Description text box.

8. Select VMW-ENG from the Project drop-down menu.

9. Click CREATE to open the pipeline.

10. Click the +Stage box to create a base stage.

11. Enter Container Build in the Stage name text box in the right pane.

This replaces the Stage0 name.

Task 3: Set up Parameters for the Pod
You set up the parameters for the pod.

1. Click the Input tab above the Container Build stage in the left pane.

2. Click ADD.

3. You are creating these inputs. Look at this screen carefully. It is confusing that you have an
input whose "name" is "Name".

4. Enter the Name input:

Name         Value
Name         Name
Value        onenode
Description  leave blank

5. Enter the Namespace input:

Name         Value
Name         Namespace
Value        web
Description  leave blank

6. Enter the NumberReplicas input:

Name         Value
Name         NumberReplicas
Value        1
Description  leave blank

7. Verify that your Inputs are correct:

8. Click SAVE and close the warning message.

NOTE

Do not worry about the warning message about the fact that the Stage Container Build does
not have any task yet. You create that task next.

Task 4: Configure the Build Namespace Task
You configure the Build Namespace task.

1. Click the Model icon to return to the graphical design canvas.

2. Click + Sequential Task in the Container Build stage to add the first element to the stage.

3. Enter Build Namespace in the Task name text box.


4. Select Kubernetes from the Type drop-down menu.

NOTE

The additional options change depending on the type selected.

5. Select Continue on failure.

6. Keep the default setting to Always Execute task.

7. Select SA-K8S-Master from the Kubernetes cluster drop-down menu.

8. Click Create in the Action.

This is the same as using the kubectl create command on the Kubernetes server.

9. Click Local definition in the Source Type.

10. Click READ FROM FILE.

11. Navigate to C:\Materials\Blueprints\ and select Build Namespace.yaml and click Open.

NOTE

This template is a skeleton file. The YAML formatting is intact to simplify the build.

Task 5: Configure the Build Namespace Local YAML File
You configure the Build Namespace Local YAML file.

1. Click the Build Namespace task.

2. Use the following screenshot to guide you on the changes needed inside the Local YAML
file. This is the final version of the YAML.

Here is the program code for the Local YAML definition:

apiVersion: v1
kind: Namespace
metadata:
  name: ${input.Namespace}
  labels:
    name: ${input.Namespace}

IMPORTANT

Make sure there is a single blank space between any colon (:) in YAML and the value following it. For example, the metadata > name: line is name: ${input.Namespace}, not name:${input.Namespace}. If you do not include this single blank space, your pipeline still passes the VALIDATE TASK test, but the pipeline does not work.
3. Verify your Build Namespace task settings.

4. Click VALIDATE TASK and correct any errors.

5. Click SAVE.

Task 6: Build the Build Replica Set Stage


You build the Build Replica Set stage.

1. Click the +Stage icon to add a new stage under the Container Build stage.

2. Enter Build Replica Set in the Stage name text box in the right pane.

Task 7: Build the Build Replica Set Task
You build the Build Replica Set task, which installs replicas of Apache as a Kubernetes pod.

1. Click +Sequential Task in the Build Replica Set stage.

2. Enter Build Replica Set in the Task name text box.

3. Select Kubernetes from the Type drop-down menu.

4. Select SA-K8S-Master from the Kubernetes cluster drop-down menu.

5. Click Create as the Action.

This is the same as using the kubectl create command on the Kubernetes server.

6. Click Local Definition for Source type.

7. Click READ FROM FILE and navigate to C:\Materials\Blueprints\.

8. Select the file Build-Apache.yaml and click Open.


9. Verify your Build Replica Set parameters.

10. Click VALIDATE TASK and correct any errors.

11. Click SAVE.

Task 8: Build the Build Services Stage
You build the Build Services stage.

1. Click the +Stage icon to add a new stage under the Build Replica Set stage.

2. Enter Build Services in the Stage name text box in the right pane.

Task 9: Configure the Expose 80 Task
You configure the Expose 80 task.

1. Click + Sequential Task in the Build Services stage to add the first element to the stage.

2. Enter Expose 80 in the Task name text box.

3. Select Kubernetes from the Type drop-down menu.

4. Keep the default setting to Always Execute task.

5. Select SA-K8S-Master from the Kubernetes cluster drop-down menu.

6. Click Create in the Action.

This is the same as using the kubectl create command on the Kubernetes server.

7. Click Local definition in the Source Type.

8. Click READ FROM FILE.

9. Navigate to C:\Materials\Blueprints\ and select Expose 80.yaml and click Open.

10. Click VALIDATE TASK and correct any errors.

11. Click SAVE.

Task 10: Create the Update Load Balancer Task
You create and configure the Update Load Balancer task.

1. Click + Sequential Task to the right of Expose 80 in the Build Services stage to add the
second element to the stage.

2. Enter Update Load Balancer in the Task name text box.

3. Select Kubernetes from the Type drop-down menu.

4. Click On condition in Execute task.

5. Enter the following code in your condition:

${input.NumberReplicas} > 1
This updates the load balancer if more than one replica is created.

6. Select SA-K8S-Master from the Kubernetes cluster drop-down menu.

7. Click Apply in the Action.

IMPORTANT

Make sure you click Apply, and not Create.

8. Click Local definition in the Source Type.

9. Click READ FROM FILE.

10. Navigate to C:\Materials\Blueprints\ and select Load-Balancer.yaml and click Open.

11. Verify that your Update Load Balancer task is correctly configured.

12. Click VALIDATE TASK and correct any errors.

13. Click SAVE.

Task 11: Verify Your Pipeline
Verify that your pipeline is correctly configured.

1. Verify that graphically your pipeline is correct.

2. Verify that the Build Namespace task is correctly configured:

3. Verify that the Build Replica Set task is correctly configured:

4. Verify that the Expose 80 task is correctly configured:

5. Verify that the Update Load Balancer task is correctly configured:

6. Click SAVE.

7. Click CLOSE.

Task 12: Deploy the Container
1. Select Enable from the ACTIONS drop-down menu on the Replica-Set-with-Network-Service catalog card.

2. Click RUN.

3. Enter onenode in the Name text box.

IMPORTANT

It is critical that the name is all in lowercase. The vRealize Automation Code Stream
execution fails if it is not.

Keep spaces, special characters, and capital letters out of container names because
commands are based on CLI and spaces delineate new objects.

4. Enter web in the Namespace text box.

5. Enter 1 in the NumberReplicas text box.

6. Click RUN.

7. Click Executions to see the container run in action. The build should complete quickly, in about 1 minute.

8. You should see the execution run, and then end with a COMPLETED status.

Task 13: Verify Your Container Creation with One Pod
You verify the creation of a container in Kubernetes with a single pod.

1. Return to your MTPuTTY session on SA-K8S-Master.

2. Enter kubectl get pods --namespace web.

Task 14: Deploy the Container with Two Pods


1. Return to your Code Stream Chrome browser tab.

2. Click Pipelines.

3. Click RUN on the Replica-Set-With-Network-Service catalog card.

4. Enter twonodes in the Name text box.

IMPORTANT

It is critical that the name be all in lowercase. The vRealize Automation Code Stream
execution fails if it is not.

Keep spaces, special characters, and capital letters out of container names because
commands are based on CLI and spaces delineate new objects.

5. Enter web in the Namespace text box.

6. Enter 2 in the NumberReplicas text box.

7. Click RUN.

8. Click Executions to see the container run in action.

The build should complete quickly, in about 1 minute.

You should see the execution run end with a COMPLETED status.
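A pre-flight check for the two failure modes this lab calls out, the missing space after a YAML colon (Task 5) and names that are not lowercase (Tasks 12 and 14), written as an added Python example that is not part of the lab materials. The function names and sample YAML are constructed, and the code assumes that the Name input ends up as a Service name, which Kubernetes restricts to a DNS label.

```python
import re

# Kubernetes naming rules (DNS labels, at most 63 characters).
DNS1035_LABEL = re.compile(r"[a-z]([-a-z0-9]*[a-z0-9])?")      # Service names
DNS1123_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?")   # Namespace names
PLACEHOLDER = re.compile(r"\$\{input\.([A-Za-z0-9_]+)\}")
# "key:value" with nothing between the colon and the value, for example
# name:${input.Namespace}. "://" is excluded so URLs are not reported.
KEY_NO_SPACE = re.compile(r"^\s*(?:-\s+)?[A-Za-z_][\w.-]*:(?!//)\S")


def check_inputs(inputs):
    """Validate the Name, Namespace and NumberReplicas pipeline inputs.

    The values are substituted into the YAML as text, so strict patterns
    also stop a value from carrying extra YAML (newlines, colons).
    """
    problems = []
    name = str(inputs.get("Name", ""))
    if len(name) > 63 or not DNS1035_LABEL.fullmatch(name):
        problems.append("Name %r is not a lowercase DNS label" % name)
    namespace = str(inputs.get("Namespace", ""))
    if len(namespace) > 63 or not DNS1123_LABEL.fullmatch(namespace):
        problems.append("Namespace %r is not a lowercase DNS label" % namespace)
    replicas = str(inputs.get("NumberReplicas", ""))
    if not re.fullmatch(r"[0-9]{1,3}", replicas) or int(replicas) < 1:
        problems.append("NumberReplicas %r is not a positive integer" % replicas)
    return problems


def check_yaml(text, inputs):
    """Return (line number, message) pairs for a local YAML definition."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split(" #", 1)[0].rstrip()   # drop trailing comments
        if KEY_NO_SPACE.match(code):
            problems.append((lineno, "no space after the colon"))
        for variable in PLACEHOLDER.findall(code):
            if variable not in inputs:           # input names are case-sensitive
                problems.append((lineno, "undefined input %s" % variable))
    return problems


# Constructed sample: the Build Namespace definition with two mistakes.
BAD_YAML = """\
apiVersion: v1
kind: Namespace
metadata:
  name:${input.Namespace}
  labels:
    name: ${input.namespace}
"""
GOOD_YAML = BAD_YAML.replace("name:$", "name: $").replace(
    "input.namespace", "input.Namespace")
LAB_INPUTS = {"Name": "twonodes", "Namespace": "web", "NumberReplicas": "2"}

if __name__ == "__main__":
    print(check_inputs(LAB_INPUTS))
    print(check_inputs({"Name": "TwoNodes", "Namespace": "web",
                        "NumberReplicas": "2"}))
    print(check_yaml(BAD_YAML, LAB_INPUTS))
    print(check_yaml(GOOD_YAML, LAB_INPUTS))
```
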

Task 15: Verify Your Container Creation With Two Pods
You verify the creation of a container in Kubernetes with two pods.

1. Return to your MTPuTTY session on SA-K8S-Master.

2. Enter kubectl get pods --namespace web.

3. Enter kubectl get deployments --namespace web.

NOTE

You see the single deployment for onenode and two deployments for twonodes.

4. Enter kubectl get services --namespace web.

NOTE

You see the two services named onenode and twonodes.

5. Enter kubectl describe service --namespace web twonodes to see the information about the load balancer.

6. Close your MTPuTTY session to SA-K8S-Master.

Lab 24 Calling Cloud Assembly and vRealize Orchestrator from vRealize Automation Code Stream

Objective and Tasks


You create a pipeline that calls Cloud Assembly to deploy a virtual machine and then calls vRealize Orchestrator to add the IP address to the DNS server:

1. (Optional) Prepare Your PowerShell Host

2. (Optional) Connect Your PowerShell Endpoint in vRealize Orchestrator

3. Import a vRealize Orchestrator Package

4. Tag Your vRealize Orchestrator Workflow

5. (Optional) Upload a YAML Blueprint That Deploys an Ubuntu Server with a Static IP Address

6. Release Your Blueprint

7. Add a vRealize Orchestrator Endpoint to vRealize Automation Code Stream

8. Set Up the Pipeline

9. Configure Inputs for the Pipeline

10. Configure the Deploy VM Task

11. Configure the Add IP to DNS Task

12. Run the Pipeline

13. Rerun the Pipeline

Task 1: (Optional) Prepare Your PowerShell Host
You use PowerShell to run a command that adds a DNS entry to the DNS host. To simplify the
connection of vRealize Orchestrator to PowerShell, you must first open security on the
PowerShell host.

NOTE

If you have configured the dc.vclass.local PowerShell host to communicate with vRealize
Orchestrator in a previous lab, you can skip this task.

1. Click the Remote Desktop Connection Manager icon.

2. Double-click DC (vclass.local).

3. On the dc.vclass.local desktop, open a command prompt.

4. Enter winrm quickconfig.

Several default settings are set in WinRM.

5. Enter winrm set winrm/config/service/auth @{Basic="true"}.

A list of configuration settings, including Basic = true, appears.

You must enter braces {} and not parentheses with the Basic="true" parameter.


6. Enter winrm set winrm/config/service @{AllowUnencrypted="true"}.

A list of configuration settings, including AllowUnencrypted = true, appears.

You must enter braces {} and not parentheses with the Basic="true" parameter.

Allowing unencrypted communications means that vRealize Orchestrator can use the HTTP protocol instead of HTTPS to communicate with the PowerShell host. Encrypted communications require an exchange of valid digital certificates.

7. Close the command prompt on the dc.vclass.local desktop.

8. Click the Windows Start menu icon on the DC server.

9. Click the Windows PowerShell ISE icon.

10. Enter set-executionpolicy bypass and click Yes.

A bypass execution policy in PowerShell allows vRealize Orchestrator to send commands to this Windows server without scripts signed by digital certificates. This policy is acceptable for lab or test environments. Production systems must always use valid digital certificates that trusted certificate authorities sign.

11. Close the Windows PowerShell ISE pane.

12. Close Remote Desktop Connection Manager.
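The two WinRM settings changed in this task combine into Basic authentication over plain HTTP, where the user name and password travel base64-encoded rather than encrypted. The following added Python example (not part of the lab materials) parses the text that winrm get winrm/config/service prints and flags that combination, so the lab settings can be detected if they reach a production host. The sample output and the function names are constructed for illustration.

```python
# Constructed sample of `winrm get winrm/config/service` output after
# steps 5 and 6 of this task have been applied.
SAMPLE_OUTPUT = """\
Service
    MaxConcurrentOperations = 4294967295
    MaxConnections = 300
    AllowUnencrypted = true
    Auth
        Basic = true
        Kerberos = true
        Negotiate = true
        Certificate = false
        CredSSP = false
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    AllowRemoteAccess = true
"""


def parse_winrm_config(text):
    """Turn the indented 'Key = value' listing into nested dictionaries."""
    root = {}
    stack = [(-1, root)]                     # (indent level, dictionary)
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack[-1][0] >= indent:        # leave sections we have exited
            stack.pop()
        parent = stack[-1][1]
        key, sep, value = raw.strip().partition(" = ")
        if sep:
            parent[key] = value.strip()
        else:                                # a bare line opens a section
            child = {}
            parent[key] = child
            stack.append((indent, child))
    return root


def is_true(value):
    # Values set by Group Policy carry a trailing [Source="GPO"] marker.
    return str(value).lower().startswith("true")


def audit_service(config):
    """Return findings for the authentication and encryption settings."""
    service = config.get("Service", {})
    basic = is_true(service.get("Auth", {}).get("Basic", "false"))
    cleartext = is_true(service.get("AllowUnencrypted", "false"))
    findings = []
    if basic and cleartext:
        findings.append("HIGH: Basic authentication is allowed over "
                        "unencrypted HTTP; credentials are only base64-encoded")
    elif basic:
        findings.append("MEDIUM: Basic authentication is enabled; "
                        "allow it over HTTPS only")
    elif cleartext:
        findings.append("MEDIUM: unencrypted WinRM traffic is allowed")
    return findings


if __name__ == "__main__":
    for finding in audit_service(parse_winrm_config(SAMPLE_OUTPUT)):
        print(finding)
```
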

Task 2: (Optional) Connect Your PowerShell Endpoint in vRealize Orchestrator
You connect vRealize Orchestrator to the PowerShell host so that workflows can run PowerShell
commands.

NOTE

If you have connected vRealize Orchestrator to the dc.vclass.local PowerShell host in a previous lab, you can skip this task.

1. (Optional) Log in to vRealize Orchestrator and log in to Cloud Assembly.

Use this step only if you do not have two browser tabs that are currently logged in to
vRealize Orchestrator and Cloud Assembly.

a. Start Chrome and open a new tab for vRealize Orchestrator.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

g. Open a new tab in the Chrome browser.

h. Use the shortcut to go to vRA > vRA-Standard.

i. Click GO TO LOGIN PAGE.

j. Click Orchestrator.

k. Verify that you have two Chrome tabs open.


One tab is for Cloud Assembly and the other tab for the vRealize Orchestrator Client.

l. Click the Orchestrator Client tab.

2. Go to Library > Workflows.

3. Enter add in the Filter text box.

4. Enter powershell in the Filter text box to give a second filter.

Two filters are created. The Add a PowerShell host workflow appears.

You can click anywhere above the filter text box to remove the third filter text box.

5. Click RUN in the Add a PowerShell host workflow catalog card.

6. Run the workflow.

Option                Action
Powershell Host Name  Enter DomainController in the text box.
Host / IP             Enter dc.vclass.local in the text box.
Port                  Enter 5985 in the text box.

7. After you enter the Name, Host / IP, and Port information, click the User Credentials tab.

8. Enter the User Credentials information:

Option        Action
Session mode  Leave at the default setting of Shared Session.
User name     Enter administrator@vclass.local in the text box.
Password      Enter VMware1! in the text box.

IMPORTANT

Make sure you use the administrator@vclass.local account and not the
administrator@vsphere.local account. You are connecting to the Windows domain controller.
You do not have to use a domain controller as your PowerShell host. But that is how your
lab environment is configured.

9. Click RUN.

10. Verify that the Add a PowerShell Host workflow runs successfully and ends with a status of
Completed.

11. If your workflow run fails, click RUN AGAIN and verify your inputs.

12. After your workflow runs, click CLOSE.

Task 3: Import a vRealize Orchestrator Package
You import a vRealize Orchestrator package. The workflow in this package adds a DNS entry to
the DNS server.

1. Click the Orchestrator Client tab to go to vRealize Orchestrator.

2. Go to Assets > Packages.

3. Click IMPORT and import the C:\Materials\vRO\vRA-Add-DNS-CS.package file.

4. If you are prompted to, click TRUST.

5. Click IMPORT.

6. After the successful import, go to Library > Workflows.

7. Click OPEN on the vRA-Add-DNS catalog card to open the workflow for editing.

8. Click Variables.

9. Click Host.

10. Click the Value text box.

11. Expand PowerShell and select DomainController.

12. Click SELECT and click SAVE.

13. Click VALIDATE.

14. When the Validation is successful message appears, click CLOSE.

If the validation fails, reset the host variable.

15. Click SAVE.

16. Click SAVE to answer Do you want to save the changes you made?

17. Click CLOSE.

Task 4: Tag Your vRealize Orchestrator Workflow
You tag a vRealize Orchestrator workflow so that vRealize Automation Code Stream can use it.

NOTE

The Tag workflow workflow is included in vRealize Orchestrator 8.1.

You must run the Tag workflow workflow on any workflows that you plan to use in vRealize
Automation Code Stream.

1. Go to Library > Workflows.

2. Enter Tag workflow in the Filter text box.

3. Click RUN on the Tag workflow catalog card.

4. Enter DNS in the Tagged workflow text box and click vRA-Add-DNS-CS.

5. Enter CODESTREAM in the Tag text box.

6. Enter CODESTREAM in the Value text box.

7. Select Global tag.

8. Verify your inputs.

9. Click RUN.

Task 5: (Optional) Upload a YAML Blueprint That Deploys an Ubuntu Server with a Static IP Address
Upload a YAML blueprint that deploys an Ubuntu Server with a static IP address.

NOTE

If you have already imported the Ubuntu-Static-IP blueprint, you can skip this task.

1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.

IMPORTANT

Verify that you log in to the vRA-Standard system, not the vRA-Clustered system.

a. Open Chrome.

If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and VMware1! as the password.

f. Click Cloud Assembly.

2. Go to Design > Blueprints.


3. Upload a blueprint.

Option                               Action
Name                                 Enter Ubuntu-Static-IP in the text box.
Description                          Enter Ubuntu server with static IP address in the text box.
Project                              Select VMW-ENG.
Blueprint sharing in Service Broker  Select Share only with this project.
Upload file                          Browse to C:\Materials\Blueprints\Answers\Ubuntu-Static-IP.yaml
Task 6: Release Your Blueprint
You release the blueprint you imported.

1. Verify that you are in Cloud Assembly.

2. Go to Design > Blueprints.

3. Open the Ubuntu-Static-IP blueprint for editing.

4. Click VERSION.

5. Enter Ubuntu-Static-IPv1 in the Version text box.


6. Select Release this version to the catalog and click CREATE.

7. Click CLOSE.

Task 7: Add a vRealize Orchestrator Endpoint to vRealize Automation Code Stream
Add a vRealize Orchestrator endpoint to vRealize Automation Code Stream.

1. (Optional) Log in to vRealize Automation Code Stream and the vSphere Client.

Use this step only if you do not have browser tabs that are logged in to vRealize Automation Code Stream and the vSphere Client.

a. Start Chrome and open a new tab for vRealize Automation Code Stream.

If Chrome is already running, but a tab logged in to vRealize Automation Code Stream is
not open, open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Code Stream.

g. (Optional) If you do not have a Chrome browser tab that is logged in to the vSphere Client, open a new browser tab and go to Infrastructure > vSphere Client (SA-VCSA-01).

h. Log in to the vSphere Client with administrator@vsphere.local as the user ID and VMware1! as the password.

i. Click the Code Stream tab.


2. Click Continue on the bottom of the Code stream Guided Setup Diagram if it appears.

3. Click Endpoints.

4. Click NEW ENDPOINT.

5. Click VMW-ENG from the Project drop-down menu.

6. Click vRO from the Type drop-down menu.

7. Enter Embedded vRO in the Name text box.

8. Enter https://sa-vra-01.vclass.local in the URL text box and click ACCEPT CERTIFICATE.

9. Click AGREE to accept the certificate.

10. Enter configadmin in the Username text box.

11. Enter VMware1! in the Password text box and click VALIDATE.

12. Click CREATE.

Task 8: Set Up the Pipeline
You create the pipeline and set up a stage.

1. Click Pipelines in the left pane.

2. Click the + NEW PIPELINE option from the top of the screen.

3. Select Blank Canvas from the drop-down menu.

4. Enter Deploy VM and Add IP to DNS in the Name text box.


5. Enter This will use Cloud Assembly to deploy a VM and then add the IP address to the DNS server in the Description text box.

6. Select VMW-ENG from the Project drop-down menu.

7. Click CREATE to open the pipeline.

8. Click the +Stage box to create a base stage.

9. Enter Deploy VM and add IP to DNS in the Stage name text box in the right
pane.

This replaces the Stage0 name.

Task 9: Configure Inputs for the Pipeline
You set up the inputs for the pipeline.

1. Click the Input tab above the Deploy VM and add IP to DNS stage in the left pane.

2. Click ADD.

3. You are creating these inputs:

4. Enter the hostname input:

Name         Value
Name         hostname1
Value        UbuntuServer
Description  Host name of Ubuntu server

IMPORTANT

These input variable names are case-sensitive and must match exactly what is used in the
YAML blueprint and the vRealize Orchestrator workflow.

5. Enter the ipaddress input:

Name         Value
Name         ipaddress
Value        172.20.11.175
Description  Enter an IP address in the 172.20.11.175-172.20.11.180 address range.

6. Enter the DeploymentName input:

Name         Value
Name         DeploymentName
Value        Ubuntu-Server-CS
Description  Name of the Cloud Assembly deployment. (Don't use the same deployment name twice).

7. Verify that your Inputs are correct:

8. Click SAVE and close the warning message.

NOTE

Do not worry about the warning message about the fact that the Stage Container Build does
not have any task yet. You create that task next.

Task 10: Configure the Deploy VM Task
You configure the Deploy VM task.

1. Click the Model tab to return to the graphical design canvas.

2. Click + Sequential Task in the Deploy VM and add IP to DNS stage to add the first element
to the stage.

3. Enter Deploy VM in the Task name text box.

4. Select Blueprint from the Type drop-down menu.

5. Do not select Continue on failure.

6. Keep the default setting to Always Execute task.

7. Click Create in the Action.

8. Enter $ in the Deployment Name text box.

This allows you to start building a name using input variables.

9. Click input.

10. Click DeploymentName.

11. Click Cloud Assembly in the Blueprint source.

12. Click Ubuntu-Static-IP from the Select blueprint drop-down menu.

13. Click Ubuntu-Static-IPv1 from the Select Blueprint Version drop-down menu.

14. Observe that the input parameters defined in the blueprint appear, including any default
values set in the blueprint. These are not the default values from the Pipeline Inputs.

15. Enter ${input.ipaddress} in the ipaddress Value.

16. Enter ${input.hostname1} in the hostname1 Value.

17. Verify that your input parameters are correct.

18. Verify that your Deploy VM task is correctly configured.

19. Click VALIDATE TASK.

20. Click SAVE.

Task 11: Configure the Add IP to DNS Task
You create and configure the Add IP to DNS task.

1. Click + Sequential Task to the right of Deploy VM in the Deploy VM and add IP to DNS
stage to add the second element to the stage.

2. Enter Add IP to DNS in the Task name text box.

3. Select vRO from the Type drop-down menu.

4. Do not select Continue on failure.

5. Keep the default setting of Always in Execute task.

6. Select Embedded vRO from the Select vRO Endpoint drop-down menu.

7. Select vRA-Add-DNS-CS from the Select-Workflow drop-down menu.

8. Enter ${input.ipaddress} in the ipaddress text box.

NOTE

The ipaddress and hostname1 inputs are defined in the vRA-Add-DNS-CS workflow. vRealize Automation Code Stream knows that the workflow needs these inputs from somewhere. By placing these ${input} variables into the ipaddress and hostname1 text boxes, you pass the vRealize Orchestrator workflow the inputs that are defined in vRealize Automation Code Stream.

9. Enter ${input.hostname1} in the hostname1 text box.

10. Verify that your Add IP to DNS task is correctly configured.

11. Click VALIDATE TASK and correct any errors.

12. Click SAVE.

13. Select Enable from the ACTIONS drop-down menu on the Deploy VM and Add IP to DNS.

14. Verify graphically that your pipeline is correct.

15. Click CLOSE.

Task 12: Run the Pipeline
You run the pipeline and troubleshoot an error.

1. Click RUN on the Deploy VM and Add IP to DNS catalog card.

2. Keep all the default inputs and click RUN.

3. Click Executions to see the pipeline run in action.

IMPORTANT

Your first pipeline execution fails.

4. Click the Deploy VM and Add IP link to get more information.

5. Examine the FAILED pipeline execution report.

6. Click the Deploy VM stage.

The graphic at the top is the name of the Pipeline stage with each task in the stage listed.
The Deploy VM task has a red X icon.

A detailed report on the first task appears.

7. Read the Status message carefully.

The following status appears.

Blueprint provisioning request failed with

{"validationMessages":[{"resourceName":"","path":"$.inputs.ipaddress","message":"Value '172.20.11.175' does not match the expected regex pattern 172.20.11.[1][8-9][0-9]"}],"message":null}

8. Examine the YAML blueprint code for the inputs section of the Ubuntu-Static-IP blueprint.

inputs:
  hostname1:
    type: string
    title: Enter your hostname
    default: UbuntuStatic
    description: This will be the internal DNS hostname of the machine
  ipaddress:
    type: string
    title: Enter your IP address range 172.20.11.180-199
    pattern: '172.20.11.[1][8-9][0-9]'
    description: This will be the IP address. The IP address should be between 172.20.11.180 and 172.20.11.199.
    default: 172.20.11.185

Q1. What is the problem?
A1. The YAML blueprint has a pattern that forces input values to be in the 172.20.11.180 - 172.20.11.199 range. You ran the pipeline with the default inputs. The default IP in the pipeline is set to 172.20.11.175, which is outside the allowed range.
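
The failed run above can be caught before the pipeline executes. The following added example (not part of the lab materials) checks pipeline input values against the blueprint's pattern and compares the lab pattern with an escaped pattern and a numeric range check. It assumes the pattern must match the whole value; the hostname1 pipeline default, STRICT_PATTERN and the function names are illustrative.

```python
import ipaddress
import re

# Constructed from the lab text: the blueprint's input constraints and the
# pipeline defaults that caused the failed run. The hostname1 pipeline default
# is an assumption; only the ipaddress default is stated in the lab.
BLUEPRINT_INPUTS = {
    "hostname1": {"type": "string", "default": "UbuntuStatic"},
    "ipaddress": {
        "type": "string",
        "pattern": "172.20.11.[1][8-9][0-9]",
        "default": "172.20.11.185",
    },
}
PIPELINE_DEFAULTS = {"hostname1": "UbuntuServer", "ipaddress": "172.20.11.175"}

# Stricter alternatives (not from the lab): literal dots, and a numeric range.
STRICT_PATTERN = r"172\.20\.11\.1[89][0-9]"
RANGE_LOW = ipaddress.IPv4Address("172.20.11.180")
RANGE_HIGH = ipaddress.IPv4Address("172.20.11.199")


def preflight(pipeline_values, blueprint_inputs):
    """Return (name, value, pattern) for every value the blueprint would reject.

    Assumption: the pattern must match the whole value, hence re.fullmatch.
    """
    rejected = []
    for name, spec in blueprint_inputs.items():
        pattern = spec.get("pattern")
        value = pipeline_values.get(name, spec.get("default"))
        if pattern and value is not None and not re.fullmatch(pattern, str(value)):
            rejected.append((name, value, pattern))
    return rejected


def in_lab_range(value):
    """Parse the value as IPv4 and compare it numerically with the lab range."""
    try:
        address = ipaddress.IPv4Address(value)
    except ipaddress.AddressValueError:
        return False
    return RANGE_LOW <= address <= RANGE_HIGH


def compare_checks(value):
    """Show how the lab pattern, the escaped pattern and the range check differ."""
    lab_pattern = BLUEPRINT_INPUTS["ipaddress"]["pattern"]
    return {
        "lab_pattern": re.fullmatch(lab_pattern, value) is not None,
        "strict_pattern": re.fullmatch(STRICT_PATTERN, value) is not None,
        "range_check": in_lab_range(value),
    }


if __name__ == "__main__":
    for name, value, pattern in preflight(PIPELINE_DEFAULTS, BLUEPRINT_INPUTS):
        print(f"pipeline default {name}={value!r} fails blueprint pattern {pattern}")
    # The unescaped dots in the lab pattern match any character, so the last
    # candidate passes the lab pattern although it is not an IP address.
    for candidate in ("172.20.11.188", "172.20.11.175", "172x20y11z188"):
        print(candidate, compare_checks(candidate))
```

Escaping the dots, or parsing the value as an address, rejects strings that only resemble an address in the allowed range.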

Task 13: Rerun the Pipeline
1. Click Re-run from the ACTIONS drop-down menu.

2. Change the ipaddress to 172.20.11.188 and click RUN.

3. Click <BACK to watch the new execution.

4. When the pipeline is running, click the Cloud Assembly tab and go to the Deployments menu
to monitor the deployment.

5. Verify that your deployment name is Ubuntu-Server-CS, as configured in the pipeline.

6. When the deployment is complete, click the Orchestrator Client tab.

7. Go to Activity > Workflow Runs.

8. Verify that your most recent workflow run is the vRA-ADD-DNS-CS workflow and that it
completed successfully.

9. Use the Remote Desktop Connection Manager to log in to the Domain Controller
(dc.vclass.local).

10. Use the DNS Manager icon on the dc.vclass.local toolbar to open the DNS Manager.

11. Expand the vclass.local forward lookup zone and verify that the UbuntuServer host name
with the 172.20.11.188 IP address exists.

Click the refresh icon in the DNS Manager view to view the new DNS entry.

12. Select the UbuntuServer DNS entry and delete it.

13. Return to Cloud Assembly and delete the Ubuntu-Server-CS deployment.

14. (Optional) Return to Code Stream and correct the default value for the ipaddress input and
update the description in the Deploy VM and Add IP to DNS pipeline.

Make sure that users enter the IP addresses in the range 172.20.11.180-172.20.11.199, as
specified in the YAML blueprint.

Lab 25 Configuring the GitLab Repository

Objective and Tasks


Install the GitLab application on CentOS and configure the repository for vRealize Automation
blueprints:

1. Configure GitLab Initial Configuration

2. Configure the GitLab Repository

Task 1: Configure GitLab
You configure the user, token, and create a project in GitLab.

1. Open Chrome.

2. Select SA-GitLab from the Infrastructure favorites menu.

GitLab is already installed on CentOS v8. If you want to know how to install GitLab, see
https://about.gitlab.com/install/#centos-8.

3. Log in to the GitLab console using the CentOS root credentials.

• User name: root

• Password: VMware1!

4. Click Configure GitLab.


5. Click Users in the left pane.

6. Click the Administrator account.

The administrator account is the root user name that you logged in with.

7. Click Edit in the top-right corner.

8. Change the account details.

• Name: GitLab Admin

• User name: gitlab-admin

• Email: gitlab-admin@vclass.local

9. Click Save Changes.

10. In the left pane, click Projects.

11. Click New Project.

12. Specify the project details.

Option Action

Project name Enter vRA-ENG in the text box.

Project description Enter Project for storing vRealize Automation blueprints from VMW-ENG project in the text box.

Visibility Level Select Private.

13. Select the Initialize repository with a README check box.

14. Click Create project.

15. Click the icon in the top-right corner of the GitLab console and click Settings.

16. Click Access Tokens in the left pane.

17. Create a personal access token.

Option Action

Name Enter vRA-ENG in the text box.

Expires at Enter 2030-12-31 in the text box.

Scope Select api.

18. Click Create personal access token.

19. Copy the access token to a notepad.

You need the token for the GitLab integration in the next lab.

Task 2: Configure the GitLab Repository
You create directories in the repository and import the blueprints to the respective directories.

1. Click the vRA-ENG project.

2. On the GitLab console, click Repository in the left pane.

3. Click the + icon after vra-eng and select New directory.

4. Create a directory for the VMW-ENG-PhotonOS blueprint.

Option Action

Directory Name Enter VMW-ENG-PhotonOS in the text box.

Commit Message Enter Directory for storing VMW-ENG-PhotonOS blueprint in the text box.

Target Branch Select Master.

5. Click Create directory.

6. Click the + icon after VMW-ENG-PhotonOS and select Upload file.

7. Upload the VMW-ENG-PhotonOS blueprint.

a. Click click to upload.

b. Navigate to the C:\Materials\GitLab-Blueprints\VMW-ENG-PhotonOS directory.

c. Select blueprint.yaml.

d. Click Open.

e. Click Upload file.

8. Click Repository in the left pane.

9. Create a directory for the VMW-ENG-CentOS blueprint.

Option Action

Directory Name Enter VMW-ENG-CentOS in the text box.

Commit Message Enter Directory for storing VMW-ENG-CentOS blueprint in the text box.

Target Branch Select Master.

10. Upload the C:\Materials\GitLab-Blueprints\VMW-ENG-CentOS\blueprint.yaml file.

11. Click Repository in the left pane.

12. Create a directory for the VMW-ENG-Public blueprint.

Option Action

Directory Name Enter VMW-ENG-Public in the text box.

Commit Message Enter Directory for storing VMW-ENG-Public blueprint in the text box.

Target Branch Select Master.

13. Upload the C:\Materials\GitLab-Blueprints\VMW-ENG-Public\blueprint.yaml file.

14. Click the blueprint.yaml file.

Verify that the name: and version: properties are at the beginning of the blueprint code
and have the appropriate values.

15. Log out from the GitLab console in the top-right corner.

Lab 26 Integrating GitLab with vRealize Automation

Objective and Tasks


Create GitLab integration in vRealize Automation and configure the content source to
synchronize the GitLab blueprints:

1. Create GitLab Integration

2. Modify Blueprints in GitLab

Task 1: Create GitLab Integration
You create GitLab integration in vRealize Automation and add a content source.

1. Open Chrome.

2. Select vRA-Standard from the vRA favorites menu.

3. Click GO TO LOGIN PAGE.

4. Log in to the vclass.local domain.

• User name: Eng-CA-Admin

• Password: VMware1!

5. Click Cloud Assembly.

6. Click the Infrastructure tab.

7. In the left pane, click Integrations.

8. Click +ADD INTEGRATION and click GitLab.

9. Configure the GitLab integration.

Option Action

Name Enter SA-GitLab in the text box.

Description Enter GitLab CE Edition for vRA Blueprints in the text box.

Server URL Enter https://sa-gitlab.vclass.local in the text box.

Token Enter the token you copied from the previous lab.

10. Click VALIDATE and accept the certificate.

11. Click ADD.

12. Click OPEN for the SA-GitLab integration.

13. Click the Projects tab.

14. Click + ADD PROJECT.

15. In the Add Project window, select VMW-ENG vRealize Automation project and click NEXT.

16. Configure the content source.

Option Action

Type Select Blueprints.

Repository Enter gitlab-admin/vra-eng in the text box.

Branch Enter master in the text box.

Folder Leave it blank.

17. Click ADD.

18. Expand the VMW-ENG content source.

19. Verify that the three blueprints are updated.

20. Click the History tab.

You must verify that version 1 blueprint drafts are updated.

21. Click Cancel.

22. Click the Design tab.

You can verify that the three blueprints that GitLab uses for source control appear.

23. Leave the Cloud Assembly console open for the next task.

Task 2: Modify the Blueprints in GitLab
You modify the blueprints in GitLab to create versions and verify the synchronization in Cloud
Assembly.

1. Open Chrome.

2. Select SA-GitLab from the favorites menu.

3. Log in to GitLab using the credentials.

• User name: gitlab-admin

• Password: VMware1!

4. Click the vRA-ENG project.

5. Click the VMW-ENG-PhotonOS directory.


6. Click the blueprint.yaml file.

7. Click Edit in the right corner.

8. Update the blueprint.

a. Update version: from 1 to 2.

b. Update networkType: from existing to public.

c. Enter Changing networkType from "existing" to "public" in the Commit message text box.

9. Click Commit changes.

10. Go to the vRealize Automation Cloud Assembly console.

11. Click the Design tab.

12. Click SYNC REPOS.

13. Expand the VMW-ENG-PhotonOS blueprint.

You verify that you see two versions of this blueprint.

14. Click Version-2.

15. Click the Diff tab.

16. Select number 1 from the drop-down menu in the Diff tab.

You verify that the changes that you made to this blueprint from GitLab are available.

17. Log out of the vRealize Automation console in the top-right corner.

Lab 27 Configuring and Using Ansible

Objective and Tasks


Learn how Ansible works by configuring and using it independently of vRealize Automation:

1. Configure Ansible

2. Create a Playbook

3. Install Software with Ansible

4. Verify That Apache Is Installed Successfully

5. Delete the Virtual Machine to Save the Lab Resources

Task 1: Configure Ansible
You configure Ansible.

1. (Optional) Log in to the vSphere Client and log in to Cloud Assembly.

Use this step only if you do not already have two browser tabs that are logged in to the vSphere
Client and Cloud Assembly.

a. Start Chrome and open a new tab for the vSphere Client.

If Chrome is already running, but a tab logged in to vSphere Client is not open, open a
new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

g. Open a new tab in the Chrome browser.

h. Navigate to Infrastructure > vSphere Client using the shortcut.

i. Log in with the administrator@vsphere.local user account and the VMware1! password.

2. Click the vSphere Client tab.

3. Go to VMs and Templates.


4. Expand Templates.

5. Right-click Centos-Template and select Deploy a New VM from this Template.

6. Deploy a new virtual machine.

Option Action

Virtual machine name Enter Ansible-test in the text box.

Folder Navigate to SA-Datacenter > Lab-VMs.

Compute resource Select SA-Compute-01.

Storage Select SA-Shared-01.

Clone options Select Customize the operating system and Power on virtual
machine after creation.

Customize guest OS Select Lin-Cust.

Do not wait for your virtual machine to deploy.

7. Open MTPuTTY from the start bar and open a session to SA-Ansible.

8. Change your directory to /etc/ansible.

9. Enter nano ansible.cfg to use the nano editor to open the /etc/ansible/ansible.cfg file.

10. Scroll down and delete # in the #host_key_checking = False line.

NOTE

You can press CTRL-W in the nano editor to search for a string. This might be easier than
scrolling through the file and looking for your text.

Your code appears similar to the output.

Deleting # uncomments the line, which turns off Ansible host-key checking. Ansible
host-key checking prevents Ansible from connecting to a host that it has never connected to
before (the system's SSH host key is not cached). If you deploy a new virtual machine from
vRealize Automation and you want Ansible to configure it, turn off the host-key checking.

11. Scroll down and find the #vault_password_file = line.

12. Delete the # character to uncomment the line.

13. Change /path/to/file to /etc/ansible/ansible_vault_password_file.txt.

14. Verify that your changes match the code:

vRealize Automation cannot connect to an Ansible server unless the vault_password_file option is set in the configuration file.

15. Press Ctrl-X and enter Y to exit the nano editor and save the file.

NOTE

Many Linux services require you to restart the service after you change the configuration file.
This is not true with Ansible. The changes that you made take effect immediately.

16. Go to the Chrome browser and the vSphere Client tab.

Do not close the MTPuTTY session on SA-Ansible.

17. Verify that the Ansible-Test virtual machine has been deployed and powered on.

18. Record the TCP/IP address (172.20.11.xxx). __________

19. Return to the MTPuTTY session that is connected to the SA-Ansible virtual machine.

20. Enter nano hosts to use the nano editor to open /etc/ansible/hosts.

21. Change the webservers group.

Your current hosts file appears similar to this output.

22. Delete the ## before [webservers] to uncomment the group.

The [webservers] host group must be defined.

23. Delete the lines with the other ## servers defined under [webservers] (##
alpha.example.org, ## beta.example.org, ## 192.168.1.100, ## 192.168.1.110).

24. Do not delete any of the other defined groups ([nginxWebServers], [dbservers],
[roletargets], and so on.)

25. Add an entry that matches the IP address of the Ansible-Test virtual machine (172.20.11.xxx)
under the [webservers] group.

26. Verify that your file appears similar to the output.

Your TCP/IP address might differ.

27. Press Ctrl+X and enter Y to exit the nano editor and save the file.

28. Enter echo 'VMware1!' > /etc/ansible/ansible_vault_password_file.txt to create the vault
password file.
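
The two ansible.cfg options changed in this task, and the password file created in step 28, can be audited on the control node. This added example is not part of the lab materials: the finding codes and function names are hypothetical, the demo files are constructed in a temporary directory, and the 0644 mode assumes the file was created by a shell redirect under a typical umask.

```python
import configparser
import os
import stat
import tempfile


def audit_ansible_cfg(cfg_path):
    """Return (code, detail) findings for the [defaults] options edited in Task 1."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read(cfg_path)
    findings = []

    # Ansible verifies SSH host keys unless this option is set to a false value.
    if not parser.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append(("HOST_KEY_CHECKING_OFF",
                         "SSH host keys of managed nodes are not verified"))

    # The lab requires vault_password_file to be set for the integration.
    vault_file = parser.get("defaults", "vault_password_file", fallback="").strip()
    if not vault_file:
        findings.append(("VAULT_FILE_UNSET", "vault_password_file is not configured"))
        return findings
    try:
        mode = stat.S_IMODE(os.stat(vault_file).st_mode)
    except FileNotFoundError:
        findings.append(("VAULT_FILE_MISSING", f"{vault_file} does not exist"))
        return findings

    # Any group or other permission bit exposes the vault password to more
    # accounts than the file owner.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("VAULT_FILE_MODE",
                         f"{vault_file} has mode {mode:04o}; restrict it to the owner (0600)"))
    return findings


def write_demo(directory, host_key_checking, password_file_mode):
    """Create a constructed ansible.cfg and vault password file for the demo."""
    password_file = os.path.join(directory, "ansible_vault_password_file.txt")
    with open(password_file, "w") as handle:
        handle.write("constructed-demo-password\n")
    os.chmod(password_file, password_file_mode)

    cfg_path = os.path.join(directory, "ansible.cfg")
    with open(cfg_path, "w") as handle:
        handle.write("[defaults]\n"
                     "#inventory = /etc/ansible/hosts\n"
                     f"host_key_checking = {host_key_checking}\n"
                     f"vault_password_file = {password_file}\n")
    return cfg_path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_dir:
        # State after Task 1: checking off, password file readable by everyone.
        for code, detail in audit_ansible_cfg(write_demo(demo_dir, "False", 0o644)):
            print(code, "-", detail)
        # Same files with checking on and an owner-only password file.
        print(audit_ansible_cfg(write_demo(demo_dir, "True", 0o600)))
```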

Task 2: Create a Playbook
You create a playbook to install the Apache web server.

1. Use the Notepad++ editor to open the C:\Materials\Ansible\apache.yml text file. Verify that
this file contains the following code.

---
- name: Apache
  hosts: webservers
  remote_user: vmuser
  become: yes
  become_method: sudo
  become_user: root

  vars:
    http_port: 80
    max_clients: 10
    ansible_become_pass: VMware1!

  tasks:
    - name: open firewall
      firewalld:
        service: http
        permanent: yes
        state: enabled
        immediate: yes
    - name: install apache
      yum:
        name: httpd
        state: latest
    - name: ensure apache is running
      service:
        name: httpd
        state: started

Your apache playbook contains the following:

• The playbook begins with a play named Apache. This play is applied to computers in the
webservers inventory group.

• The vmuser user account is used by the Ansible server to log in using SSH to the virtual
machine. The password must be communicated when you run the playbook.

• The Ansible server becomes root with the sudo command because root privileges are required.

• Variables are defined to specify the HTTP port for Apache, the maximum connections
that the web server allows, and the password that Ansible must use with the sudo
command to become root.

• Three tasks exist:

  - The first task opens the firewall to allow outside connections to connect to the
    webserver.

  - The second task uses yum to install the Apache web server. If this playbook was
    for an Ubuntu machine, the module used to install Apache is apt. Different
    playbooks are required for different operating systems.

  - The third task verifies that the Apache web server is running.

2. Close the Notepad++ text editor without making any changes to the apache.yml
playbook.

3. Click the Windows icon on your student desktop taskbar and start the WinSCP program.

4. Connect to SA-Ansible in WinSCP.

NOTE

If you see a warning message about a directory that does not exist, click OK.

5. In the left pane, navigate to C:\Materials\Ansible.

6. In the right pane, navigate to /etc/ansible.

7. Click the apache.yml file in the left pane and click Upload.

8. Click OK to copy the file to the SA-Ansible server into /etc/ansible.

Task 3: Install Software with Ansible
You use Ansible and your new playbook to install Apache on the web servers defined in the
inventory.

1. Return to your SSH session on SA-Ansible.

2. Enter the ansible-playbook /etc/ansible/apache.yml -u vmuser -k command.

The -u parameter specifies the user account that Ansible must use to connect to the
servers it configures. The -k parameter causes the ansible-playbook command to
ask for the password. To find all parameters and options in the ansible-playbook
command, you enter ansible-playbook --help.

3. Enter VMware1! as the password when you are prompted.

4. Verify that the tasks appear when the playbook runs.

• Gathering Facts
• open firewall
• install apache
• ensure apache is running

The Gathering Facts task is done automatically for all playbooks unless you override it. The
other three tasks are the tasks you define.

The playbook lists the servers to change.

5. Verify that the playbook ends with PLAY RECAP.

The tasks that were correct, changed, unreachable, failed, skipped, rescued, or ignored
appear.

6. Use the up arrow to run the ansible-playbook command a second time.

As these changes have already been made on the system, each task returns an OK status
without making any changes. You can use Ansible to correct the configuration of systems.

This time the PLAY RECAP reports ok=4 and changed=0.

Task 4: Verify That Apache Is Installed Successfully
You verify that Apache is installed successfully.

1. Go to Chrome and open a new tab.

2. Enter http://172.20.11.<xxx>, where the IP address is the IP address of the Ansible-Test virtual machine.

3. Verify that the Apache test page appears.

4. Close your Apache HTTP Server Test Page browser tab.

Task 5: Delete the Virtual Machine to Save the Lab Resources
You delete the virtual machine to save the lab resources.

1. Go to the vSphere Client tab in Chrome.

2. Right-click the Ansible-Test virtual machine and click Power > Power Off.

3. Click YES to shut down the virtual machine.

4. Right-click the Ansible-Test virtual machine and click Remove from Inventory.

5. Click YES to confirm the removal of the virtual machine.

6. Return to your SSH session that is connected to the SA-Ansible server.

7. Enter nano /etc/ansible/hosts.


8. Delete the 172.20.11.<xxx> server you added under [webservers].

This prevents Ansible from trying to reinstall apache on the virtual machine that no longer
exists.

9. Press CTRL-X and Y to save the changes to your /etc/ansible/hosts file.

Lab 28 Deploying Apache Using Ansible and vRealize Automation

Objective and Tasks


Deploy Apache using Ansible and vRealize Automation:

1. Connect to the Ansible Server

2. Create an Ansible Blueprint

3. Test the Ansible Configuration by Deploying the Blueprint

4. Delete the Deployment to Save the Lab Resources

Task 1: Connect to the Ansible Server
You connect vRealize Automation to your Ansible server.

1. (Optional) Log in to the vSphere Client and log in to Cloud Assembly.

Use this step only if you do not already have two browser tabs that are logged in to the vSphere
Client and Cloud Assembly.

a. Start Chrome and open a new tab for the vSphere Client.

If Chrome is already running, but a tab logged in to vSphere Client is not open, open a
new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

g. Open a new tab in the Chrome browser.

h. Navigate to Infrastructure > vSphere Client using the shortcut.

i. Log in with the administrator@vsphere.local user account and the VMware1! password.

2. Click the Cloud Assembly tab.

3. Go to Infrastructure > Integrations.


4. Click + ADD INTEGRATION.

5. Click the Ansible integration type.

You must not click Ansible Tower.

6. Enter SA-Ansible in the Name text box.

7. Enter sa-ansible.vclass.local in the Hostname text box.

8. Verify that the Inventory file path is /etc/ansible/hosts.

9. Enter root in the Username text box.

Best practice is not to use the root account for the integration connection in any production
environment.

10. Verify that Use sudo commands for this user is not selected.

If you use the root account to connect to Ansible Control Machine and select use sudo, the
deployments fail.

11. Verify that Encryption is set to Password.

12. Enter VMware1! in the Encryption text box.

13. Verify that your configuration is correct.

14. Click VALIDATE.

15. After the Credentials validated successfully message appears, click ADD.

Task 2: Create an Ansible Blueprint
You create a blueprint that uses Ansible.

1. Go to Design > Blueprints.

2. Select the VMW-Centos-Static blueprint and click CLONE.

3. Enter Ansible-Apache in the Name text box.


4. Select VMW-ENG in the Project search box.

5. Select Current Draft in the Version drop-down menu and click CLONE.

6. Click the Ansible-Apache blueprint to open it for editing.

7. Scroll the left Resource pane down to Configuration Management > Ansible.

8. Click the Ansible resource type and drag it onto the design canvas above the
Cloud_vSphere_Machine.

9. Connect the Cloud_Ansible component to the Cloud_vSphere_Machine component.

10. Examine the YAML blueprint code. Observe the properties of the Cloud_Ansible_1
component.

11. Copy the following YAML code from the C:\Materials\Blueprints\Answers\Ansible-Apache.txt file.

resources:
  Cloud_Ansible_1:
    type: Cloud.Ansible
    properties:
      authentication: usernamePassword
      inventoryFile: /etc/ansible/hosts
      username: vmuser
      password: VMware1!
      playbooks:
        provision:
          - /etc/ansible/apache.yml
      osType: linux
      groups:
        - webservers
      maxConnectionRetries: 20
      account: SA-Ansible
      host: '${resource.Cloud_vSphere_Machine_1.*}'

12. Paste your code into the blueprint and replace the entire blueprint.

NOTE

You can import a blueprint. But this lab gave you a chance to locate the Ansible resource and
see how it connects to a machine.

13. Verify that your YAML blueprint code is correct and examine the changes made to the
Cloud_Ansible_1 resource in the YAML code.

• The authentication is set to usernamePassword.

• The inventory file maps to /etc/ansible/hosts.

• The user that the SA-Ansible server uses to connect to the target virtual machine is
vmuser. This user must exist in the deployed virtual machine. In this case, the user is
already in the CentOS template. But you can add YAML code to create the user before
Ansible runs the playbook.

• The playbook that is used is /etc/ansible/apache.yml.

• The group in the /etc/ansible/hosts file that is used is [webservers].

• The integration account that vRealize Automation uses is the SA-Ansible account.

• The target machine that Ansible configures is the host resource.Cloud_vSphere_Machine_1.

14. Test your blueprint.

Do not proceed if syntax errors appear. Correct your errors first.

15. Click CLOSE.
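
The apache.yml playbook from Lab 27 and the Cloud.Ansible resource in this task both store a password as a literal value. This added example (not part of the lab materials) flags credential-like keys that hold literals and accepts vault-encrypted values or expression references; the key-name heuristic, the function names and the sample values are assumptions constructed for illustration.

```python
import re

# Keys whose names suggest a credential, such as password or ansible_become_pass.
CREDENTIAL_KEY = re.compile(
    r"^\s*(\w*(?:pass|secret|token)\w*)\s*:\s*(.*?)\s*$", re.IGNORECASE
)

# Constructed samples that mirror the structure of the lab files. The values
# are placeholders, not the lab password.
PLAYBOOK_VARS = """\
vars:
  http_port: 80
  max_clients: 10
  ansible_become_pass: ExamplePlaintext1
"""

BLUEPRINT_PROPERTIES = """\
properties:
  authentication: usernamePassword
  username: vmuser
  password: ExamplePlaintext1
  account: SA-Ansible
"""

# The same keys after remediation: an inline Ansible Vault value in the
# playbook and an input reference in the blueprint (hypothetical input name).
REMEDIATED = """\
vars:
  ansible_become_pass: !vault |
    $ANSIBLE_VAULT;1.1;AES256
    (ciphertext omitted)
properties:
  password: '${input.ansible_password}'
"""


def classify(value):
    """Classify the text to the right of a credential-like key."""
    if not value:
        return "empty"        # mapping header or unset key
    if value.startswith("!vault"):
        return "vault"        # Ansible Vault encrypted scalar
    if "{{" in value or "${" in value:
        return "reference"    # Jinja2 variable or blueprint expression
    return "plaintext"


def find_plaintext_credentials(text):
    """Return (line_number, key) for credential-like keys with literal values.

    The value itself is never returned, so the report does not leak secrets.
    """
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = CREDENTIAL_KEY.match(line)
        if match and classify(match.group(2)) == "plaintext":
            findings.append((number, match.group(1)))
    return findings


if __name__ == "__main__":
    samples = (("playbook", PLAYBOOK_VARS),
               ("blueprint", BLUEPRINT_PROPERTIES),
               ("remediated", REMEDIATED))
    for label, text in samples:
        print(label, find_plaintext_credentials(text))
```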

Task 3: Test the Ansible Configuration by Deploying the Blueprint
You verify the Ansible configuration and the Ansible blueprint by deploying the blueprint.

1. Select the Ansible-Apache blueprint and deploy the blueprint with the parameters.

Option Action

Deployment Name Enter Ansible-Test in the text box.

Blueprint Version Select Current Draft.

2. Click History and monitor the deployment.

3. When the deployment is complete, click Topology.

4. Click the Cloud_vSphere_Machine_1 component on the design canvas.

5. Record the TCP/IP address of the deployed system. ___________

6. Click CLOSE to close the deployment monitor.

7. Open a tab in Chrome.

8. Enter http://172.20.11.<xxx>, where the IP address is the IP address of the Ansible-Test virtual machine.

9. Verify that the Apache test page appears.

10. Click the Cloud Assembly tab to go to Cloud Assembly.

Task 4: Delete the Deployment to Save the Lab Resources


You delete your deployment to save the lab resources.

1. Verify that you are in Cloud Assembly on the Deployments tab.

2. Delete the Ansible-Test deployment.

Lab 29 Deploying an Ansible Role

Objective and Tasks


Deploy Apache using Ansible and vRealize Automation:

1. Install and View the Ansible Role

2. Create an Ansible Blueprint

3. Test the Ansible Role by Deploying the Blueprint

4. Delete the Deployment to Save the Lab Resources

Task 1: Install and View the Ansible Role
You install the Ansible role.

1. (Optional) Log in to the vSphere Client and log in to Cloud Assembly.

Use this step only if you do not already have two browser tabs that are logged in to the vSphere
Client and Cloud Assembly.

a. Start Chrome and open a new tab for the vSphere Client.

If Chrome is already running, but a tab logged in to vSphere Client is not open, open a
new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

g. Open a new tab in the Chrome browser.

h. Navigate to Infrastructure > vSphere Client using the shortcut.

i. Log in with the administrator@vsphere.local user account and the VMware1! password.

2. Click the Windows Start menu on the student desktop and click WinSCP.

3. Connect an SFTP session to sa-ansible.vclass.local with root as the user name and VMware1!
as the password.

If a warning message about adding an unknown server appears, click Yes to continue.

4. On the left pane, go to C:\Materials\Ansible.

5. In the right pane, go to /etc/ansible/.

6. Right-click the apache-role.yml file in the left (Windows) pane and click Upload to copy the
apache-role.yml file to /etc/ansible.

7. Double-click the apache-role.yml file (in either pane) and use Notepad++ to examine the file.

This Ansible playbook calls a role named apache.

---
- name: ApacheRoleCall
  hosts: roletargets
  remote_user: vmuser
  become: yes
  become_method: sudo
  become_user: root
  roles:
    - apache

The apache role is a collection of files and directories in
/etc/ansible/roles/apache. The playbook that calls the role is minimal in size.
These roles are also called role playbooks or skeleton playbooks.

8. Close Notepad++ without modifying the apache-role.yml file.

9. Click the space at the bottom in the right pane (Linux) to select Linux.

10. Navigate to Files > New > Directory when the right pane (Linux system) is selected.

11. Double-click and open the roles folder in the right pane.

12. Right-click the apache directory in the left pane (Windows) and select Upload.

13. Click OK to copy the apache directory (and all subdirectories and files) to the
/etc/ansible/roles path on SA-Ansible.

14. Double-click and open the apache directory in the left pane (Windows).

15. View the subdirectories and files.

You can open each file with Notepad++. Do not modify the files.

Examine the following files:

• C:\Materials\Ansible\roles\apache\tasks\main.yml
• C:\Materials\Ansible\roles\apache\vars\main.yml
• C:\Materials\Ansible\roles\apache\handlers\main.yml
• C:\Materials\Ansible\roles\apache\files\example.conf
• C:\Materials\Ansible\roles\apache\files\index.html

The set of files and directories is the code required for the Ansible role named apache. This
apache role is equivalent to the apache playbook you ran earlier. The earlier apache
playbook is below. Examine it and compare it to the files and directories in the apache role.

16. Close the WinSCP app and click Yes to end the session without saving the workspace.

Task 2: Create an Ansible Blueprint
You create a blueprint that uses an Ansible role.

1. Go to the Cloud Assembly tab in Chrome.

2. Go to Design > Blueprints.

3. Select the Ansible-Apache blueprint and click CLONE.

4. Enter Ansible-Apache-Role in the Name text box.


5. Select VMW-ENG in the Project search text box.

6. Select Current Draft in the Version drop-down menu and click CLONE.

7. Click the Ansible-Apache-Role blueprint and open it for editing.

8. Change the YAML code for the playbook.

playbooks:
  provision:
    - /etc/ansible/apache-role.yml

The syntax for calling an Ansible role in a YAML blueprint is the same as the syntax for calling
an Ansible playbook. You are calling a different Ansible playbook. This playbook uses the
roles directive instead of defining tasks in the playbook.

9. Change the YAML code for the group.

groups:
  - roletargets

If you do not correct the groups target, the apache-role will not run on the new virtual
machine. The apache-role playbook is looking for members of the [roletargets] group.

10. Verify that your YAML code is correct.

11. Test your blueprint.

You must not proceed if syntax errors appear.

12. Click CLOSE.

Task 3: Test the Ansible Role by Deploying the Blueprint
You verify the Ansible configuration and the Ansible blueprint by deploying the blueprint.

1. Select the Ansible-Apache-Role blueprint and deploy the blueprint with the parameters.

Option Action

Deployment Name Enter Ansible-Role-Test in the text box.

Blueprint Version Select Current Draft.

2. Click History and monitor the deployment.

3. When the deployment is complete, click Topology.

4. Click the Cloud_vSphere_Machine_1 component on the design canvas.

5. Record the TCP/IP address of the deployed system. __________

6. Click CLOSE to close the deployment monitor.

7. Open a tab on the Chrome browser.

8. Enter http://172.20.11.<xxx>, where the IP address is the IP address of the Ansible-Test virtual machine.

9. Verify that the Apache page appears.

Your new apache role has a different file for the index.html page. So, your starting webpage
looks different than when you used the apache playbook.

10. Click the Cloud Assembly tab to go to Cloud Assembly.

Task 4: Delete the Deployment to Save the Lab Resources
You delete your deployment to save the lab resources.

1. Verify that you are in Cloud Assembly on the Deployments tab.

2. Delete the Ansible-Role-Test deployment.

Lab 30 Troubleshooting Ansible and vRealize Automation

Objective and Tasks


Troubleshoot a broken Ansible blueprint and playbook:

1. Import a Broken Ansible Blueprint and Correct Problems

2. Deploy Your Ansible Blueprint and Correct Problems

3. Redeploy Your Ansible Blueprint and Correct Problems

4. Test Your Final Corrected Ansible Blueprint

Task 1: Import a Broken Ansible Blueprint and Correct Problems
You import an Ansible blueprint that has problems in the YAML code and the Ansible playbook,
and you fix the problems.

1. Use the WinSCP utility to copy C:\Materials\Ansible\nginx.yml to the SA-Ansible server file /etc/ansible/nginx.yml.

2. If you are not logged in to Cloud Assembly on the SA-vRA-01 system, log in to Cloud
Assembly.

a. Open Chrome.

If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

c. Click GO TO LOGIN PAGE.

d. Verify that the vclass.local domain is selected.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

3. Navigate to Design > Blueprints.

4. Click Upload to upload the blueprint.

Option Action

Name Enter Ansible-NGINX in the text box.

Description Enter Ansible blueprint that deploys an NGINX web server in the text box.

Project Select VMW-ENG.

Blueprint sharing in Service Broker Select Share only with this project.

Upload file Go to C:\Materials\Blueprints\ and click Broken_Ansible.yaml.

5. Open the Ansible-NGINX blueprint and correct any syntax errors.

6. Before you try to test or deploy your blueprint, check for a frequent problem. Do the groups
in the blueprint match the groups in the hosts file on the Ansible server?

Here is a copy of part of the /etc/hosts file:

[webservers]

[nginxWebServers]

[dbservers]

[roletargets]

[mysqlbackend]

[masters]

[workers]

Q1. Is there a problem in the groups part of the YAML code?

A1. Yes, the groups in the YAML code must be nginxWebServers, not nginxWebServer.

7. If you saw a problem with your YAML blueprint groups, correct the problem before you
proceed.

8. Test your blueprint with all the default values.

If your blueprint fails the test, correct the syntax problems.

Q2. What is the first problem in the YAML code?


A2. The Ansible integration account is set to SA-Ansibles. It must be set to SA-Ansible.

Q3. What is the second problem in the YAML code?


A3. The Cloud_Ansible_1 component is not connected to Cloud_vSphere_Machine_1.

9. Save a version of this blueprint.

Option Action

Version Enter Debug-1 in the text box.

Description Enter Obvious syntax errors corrected in the text box.

Release Do not select Release this version to the catalog.

10. Click CLOSE.
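
The group comparison from step 6 can be scripted. The following is an added example, not part of the lab materials: it reads the group headers of an INI-style Ansible inventory and reports every blueprint group that is not declared, with the closest declared name. The function names and the host entry are assumptions; the group headers are the ones listed in step 6.

```python
import difflib
import re

# Section headers of an INI-style inventory: [group], [group:children], [group:vars]
HEADER = re.compile(r"^\[([^\]:]+)(?::(?:children|vars))?\]$")


def inventory_groups(text):
    """Return the set of group names declared in an INI-style inventory."""
    groups = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        match = HEADER.match(line)
        if match:
            groups.add(match.group(1).strip())
    return groups


def unmatched_groups(blueprint_groups, inventory_text):
    """Map each blueprint group missing from the inventory to its closest match."""
    known = inventory_groups(inventory_text)
    result = {}
    for name in blueprint_groups:
        if name in known:
            continue  # group names are compared case-sensitively
        close = difflib.get_close_matches(name, sorted(known), n=1, cutoff=0.8)
        result[name] = close[0] if close else None
    return result


# Group headers from the lab's inventory excerpt; the host line is constructed.
INVENTORY = """\
[webservers]

[nginxWebServers]
172.20.11.50   # constructed host entry

[dbservers]

[roletargets]

[mysqlbackend]

[masters]

[workers]
"""

if __name__ == "__main__":
    # The group name found in the broken blueprint (see A1).
    print(unmatched_groups(["nginxWebServer"], INVENTORY))
```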

Task 2: Deploy Your Ansible Blueprint and Correct Problems
You verify that the corrected Ansible blueprint and playbook work by deploying the blueprint.

1. Click the Cloud Assembly tab in the Chrome browser to return to Cloud Assembly.

2. Go to Design > Blueprints.

3. Select the Ansible-NGINX blueprint and deploy the blueprint with the parameters.

Option Action

Deployment Name Enter Ansible-NGINX-2 in the text box.

Blueprint Version Select Current Draft.

4. Click History and monitor the deployment.

5. View the error message.

The following error message appears.

NOTE

The IP address in your error message might be different.

TASK [Gathering Facts]


*********************************************************,fatal
: [172.20.11.182]: UNREACHABLE! => {"changed": false, "msg":
"Invalid/incorrect password: Permission denied, please try
again.", "unreachable": true},,PLAY RECAP
***************************************************************
******,172.20.11.182 : ok=0 changed=0 unreachable=1 failed=0
skipped=0 rescued=0 ignored=0 Refer to logs at
var/tmp/vmware/provider/user_defined_script/00f237be-54d8-4691-
9681-e8db6736f134/ on Ansible Control Machine for more details.
Q1. What is the problem?
A1. A communications problem between the Ansible Control Machine and the virtual machine on which it is trying to install software exists.

6. Record the last four digits of the error directory.

In the example, the directory ends with /00f237be-54d8-4691-9681-e8db6736f134. The last four digits are ff34.

Your directory name might differ.

7. Use the MTPuTTY application to open a session to SA-Ansible.

8. Enter the cd /root/var/tmp/vmware/provider/user_defined_script command to change to the Ansible log directory on the server.

9. Enter the ls command to view the directories.

You can use the pointer to select and copy the directory name you need.

10. Enter cd and right-click to change to the correct directory.

You can also record the entire string and enter the cd <xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx> command.

11. Enter ls to view the log files.

12. Use nano to view the log.txt file.

Q2. What is the problem?


A2. The playbook run does not work from vRealize Automation. A communications problem between Ansible and the virtual machine it configures exists.

Q3. Ansible always uses SSH to communicate. What user account is the YAML
blueprint trying to use to log in to the virtual machine from the Ansible Control Machine?

A3. The vmware user account.

Q4. Does the user account vmware exist? Does the account have the rights to log
in from SSH?

A4. If you open a console to the virtual machine that was deployed, you can confirm that the vmware user account exists and you can log in with the user account. If you try to use the MTPuTTY application to connect to the deployed virtual machine using the vmware user account, the SSH session fails. The vmware user account does not have the rights to log in from SSH.

13. Correct the problem by changing the YAML blueprint to use the vmuser user account.

The vmuser user account can log in with SSH.
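
The manual triage in steps 5 to 12 can be automated. The following is an added example, not part of the lab materials: it pulls the host, failure state, module message, recap counters and log file path out of the deployment error text. The function name, the hint wording and the /root/ prefix (taken from step 8) are assumptions; the sample message is constructed from the error shown above with its line wraps removed.

```python
import json
import re

FATAL = re.compile(
    r"fatal\s*:\s*\[(?P<host>[^\]]+)\]: (?P<state>[A-Z]+)! => (?P<detail>\{.*?\})")
RECAP = re.compile(
    r"(?P<host>[\w.-]+)\s*: ok=(?P<ok>\d+) changed=(?P<changed>\d+) "
    r"unreachable=(?P<unreachable>\d+) failed=(?P<failed>\d+)")
RUN_DIR = re.compile(
    r"Refer to logs at (?P<path>\S*user_defined_script/(?P<run_id>[0-9a-f-]{36})/)")

# Assumption: the relative log path lives under /root/, as in step 8 of this lab.
LOG_ROOT = "/root/"


def triage(message):
    """Extract host, state, module message, recap and log path from the error."""
    text = " ".join(message.split())  # collapse line breaks between words
    report = {"host": None, "state": None, "msg": None,
              "recap": {}, "log_file": None, "hint": None}
    fatal = FATAL.search(text)
    if fatal:
        report["host"] = fatal.group("host")
        report["state"] = fatal.group("state")
        try:
            report["msg"] = json.loads(fatal.group("detail")).get("msg")
        except ValueError:
            report["msg"] = fatal.group("detail")  # keep raw text if not JSON
    recap = RECAP.search(text)
    if recap:
        report["recap"] = {key: int(value)
                           for key, value in recap.groupdict().items()
                           if key != "host"}
    run = RUN_DIR.search(text)
    if run:
        report["log_file"] = LOG_ROOT + run.group("path").lstrip("/") + "log.txt"
    msg = report["msg"] or ""
    if report["state"] == "UNREACHABLE":
        if re.search(r"password|permission denied", msg, re.IGNORECASE):
            report["hint"] = ("SSH login from the control machine was rejected: "
                              "check the user name and password in the blueprint")
        else:
            report["hint"] = "control machine could not open an SSH session"
    return report


# Constructed from the error message in step 5, with line wraps removed.
MESSAGE = (
    'TASK [Gathering Facts] *********,fatal: [172.20.11.182]: UNREACHABLE! => '
    '{"changed": false, "msg": "Invalid/incorrect password: Permission denied, '
    'please try again.", "unreachable": true},,PLAY RECAP *********,'
    '172.20.11.182 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 '
    'ignored=0 Refer to logs at var/tmp/vmware/provider/user_defined_script/'
    '00f237be-54d8-4691-9681-e8db6736f134/ on Ansible Control Machine for more '
    'details.'
)

if __name__ == "__main__":
    for key, value in triage(MESSAGE).items():
        print(key, "=", value)
```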

Task 3: Redeploy Your Ansible Blueprint and Correct Problems
You verify that the corrected Ansible blueprint works by deploying the blueprint.

1. Select the Ansible-NGINX blueprint and deploy the blueprint with the parameters.

Option Action

Deployment Name Enter Ansible-Test-1 in the text box.

Blueprint Version Select Current Draft.

2. Click History and monitor the deployment.

3. View the error message.

The following error message appears.


Unable to validate syntax for Playbook(s). Failed to execute
script on host sa-ansible.vclass.local. Error: ERROR! We were
unable to read either as JSON nor YAML, these are the errors we
got from each: JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML. mapping values are not allowed
in this context The error appears to be in
'/etc/ansible/nginx.yml': line 29, column 11, but may be
elsewhere in the file depending on the exact syntax problem.
The offending line appears to be: - name; Install nginx yum: ^
here
Q1. What is the problem?
A1. A syntax error in the Ansible playbook on the Ansible server exists. The error might exist in line 29, column 11.

4. Use the MTPuTTY application to open a session to SA-Ansible.

5. Enter the cd /etc/ansible command to change to the Ansible directory on this server.

6. Enter nano nginx.yaml to open the Nginx playbook in the nano editor.

Q2. What is the problem?


A2. The code in the task install nginx has a semicolon instead of a colon.

7. Correct the task install nginx code syntax by replacing the semicolon with a colon.

8. Press Ctrl+X and enter Y to save your corrected playbook.

Task 4: Test Your Final Corrected Ansible Blueprint
You verify that the corrected Ansible blueprint and playbook work by deploying the blueprint.

1. Click the Cloud Assembly tab in the Chrome browser to go to Cloud Assembly.

2. Go to Design > Blueprints.

3. Select the Ansible-NGINX blueprint and deploy the blueprint with the parameters.

Option Action

Deployment Name Enter Ansible-Test-3 in the text box.

Blueprint Version Select Current Draft.

4. Click History and monitor the deployment.

Q1. Did your blueprint deploy successfully?


A1. If you have corrected all errors, the blueprint must deploy successfully.

5. Open a new browser tab and go to the URL of your virtual machine (http://<172.20.11.xxx>).

Lab 31 Deploying vRealize Suite Lifecycle Manager

Objective and Tasks


Deploy vRealize Suite Lifecycle Manager Using vRealize Easy Installer:

1. Deploy vRealize Suite Lifecycle Manager

Task 1: Deploy vRealize Suite Lifecycle Manager
You deploy vRealize Suite Lifecycle Manager using vRealize Easy Installer.

1. On the student desktop, navigate to E:\.

2. Right-click vRealize-Easy-Installer.iso and select Mount.

The vRealize Easy Installer ISO is mounted to the CD-ROM of the student desktop.

3. Double-click the vrlcm-ui-installer folder.

4. Double-click the win32 folder.

5. Double-click installer.exe to run the vRealize Easy Installer.

6. Click Install.

7. On the Introduction page, click NEXT.

8. Select the check box to accept the license agreement and click NEXT.

9. Specify the vCenter Server details on the Appliance Deployment Target page.

Option Action

vCenter Server Hostname Enter sa-vcsa-01.vclass.local in the text box.

HTTPs Port Enter 443 in the text box.

Username Enter administrator@vsphere.local in the text box.

Password Enter VMware1! in the text box.

10. Click NEXT and accept the vCenter Server certificate.

11. Select the SA-Datacenter location and click NEXT.

12. Select the SA-Management cluster and click NEXT.

13. Select the check box to enable the Thin Disk Mode.

14. Select the SA-Shared-01 datastore and click NEXT.

15. Specify the network configuration details.

Option Action

Network Select vRA-LB.

IP Assignment Select static.

Subnet Mask Enter 255.255.255.0 in the text box.

Default Gateway Enter 192.168.50.1 in the text box.

DNS Servers Enter 172.20.10.10 in the text box.

Domain Name Enter vclass.local in the text box.

Provide NTP Server for the appliance Enter 172.20.10.10 in the text box.

16. Click NEXT.

17. Enter VMware1! in the Password text box.

18. Enter VMware1! in the Confirm Password text box.

19. Click NEXT.

20. Specify the vRealize Suite Lifecycle Manager configuration.

Option Action

Virtual Machine Name Enter Lab-vRLCM in the text box.

IP Address Enter 192.168.50.5 in the text box.

Hostname Enter lab-vrlcm.vclass.local in the text box.

Data Center Name Enter SA-Datacenter in the text box.

vCenter Name Enter SA-vCSA-01 in the text box.

Increase Disk Size in GB Enter 20 in the text box.

21. Click NEXT.

22. Enable the Skip vIDM installation and import slider.

23. Click NEXT.

You deploy the VMware Identity Manager cluster from vRealize Suite Lifecycle Manager.

24. Click NEXT.

You deploy the vRealize Automation cluster from vRealize Suite Lifecycle Manager.

25. Click SUBMIT.

This step takes about 60 minutes. Do not wait. You can proceed with the next lab.

26. Minimize the vRealize Easy Installer window.

Lab 32 Configuring the NSX-T Data Center Load Balancer

Objective and Tasks


Configure the NSX-T Data Center load balancer for VMware Identity Manager and vRealize
Automation:

1. Create Load Balancers

2. Configure Application Profiles

3. Configure the Persistence Profile

4. Configure Server Pools

5. Configure Virtual Servers

Task 1: Create Load Balancers
You create load balancers for VMware Identity Manager and vRealize Automation.

1. Open Chrome.

2. Select NSX Manager from the Infrastructure favorites menu.

3. Log in to the NSX-T Policy Manager.

• User name: admin

• Password: VMware1!VMware1!

4. Click the Networking tab.

5. From the left pane, click Load Balancing.

6. Click ADD LOAD BALANCER.

Option Action

Name Enter vIDM-LB in the text box.

Size Select Small.

Attachment Select T1-vIDM-LB.

You are connecting the load balancer to an existing Tier-1 router that the NSX
administrator has already set up.

7. Click SAVE.

a. Click No to close the editor.

8. Click ADD LOAD BALANCER.

Option Action

Name Enter vRA-LB in the text box.

Size Select Small.

Attachment Select T1-vRA-LB.

9. Click SAVE.

a. Click No to close the editor.

Task 2: Configure Application Profiles
You create application profiles for VMware Identity Manager and vRealize Automation.
An application profile defines the behavior of a particular type of network traffic.

1. From the left pane, click Load Balancing.

2. Click the PROFILES tab.

3. Click ADD APPLICATION PROFILE and select Fast TCP.

4. Create the application profile for VMware Identity Manager.

Option Action

Name Enter vIDM-App-Profile in the text box.

Idle Timeout Enter 1800 in the text box.

5. Click SAVE.

6. Follow earlier steps to create the application profile for vRealize Automation.

Option Action

Name Enter vRA-App-Profile in the text box.

Idle Timeout Enter 1800 in the text box.

7. Click SAVE.

Task 3: Configure the Persistence Profile
You create the persistence profile for VMware Identity Manager. The persistence profile directs
all related connections to the same server in the pool.

1. Click the PROFILES tab.

2. Click the Application drop-down menu and select Persistence.

3. Click ADD PERSISTENCE PROFILE and select Source IP.

4. Create the persistence profile for VMware Identity Manager.

Option Action

Name Enter vIDM-Persistence-Profile in the text box.

Persistence Entry Timeout Enter 36000 in the text box.

5. Click SAVE.

Task 4: Configure Health Monitors
You create health monitors for VMware Identity Manager and vRealize Automation. The active
health monitor is used to test whether a server is available. The health monitor sends
HTTP/HTTPS requests to monitor the application health.

1. Click the MONITORS tab.

2. Click ADD ACTIVE MONITOR and select HTTPS.

3. Create the health monitor for VMware Identity Manager.

Option Action

Name Enter vIDM-Monitor in the text box.

Monitoring Port Enter 443 in the text box.

Monitoring Interval Enter 3 in the text box.

Timeout Period Enter 10 in the text box.

Fall Count Enter 3 in the text box.

4. Click Configure to configure the HTTP Request.

Option Action

HTTP Method Select Get.

HTTP Request URL Enter /SAAS/API/1.0/REST/system/health/heartbeat in the text box.

5. Click the HTTP Response Configuration tab to configure the HTTP response.

Option Action

HTTP Response Code Enter 200 in the text box and press Enter.

6. Click APPLY.

7. Click SAVE.

8. Click ADD ACTIVE MONITOR and select HTTP.

NOTE: Ensure you select HTTP. You use HTTPS for vIDM Monitor.

9. Create the health monitor for vRealize Automation.

Option Action

Name Enter vRA-Monitor in the text box.

Monitoring Port Enter 8008 in the text box.

Monitoring Interval Enter 3 in the text box.

Timeout Period Enter 10 in the text box.

Fall Count Enter 3 in the text box.

10. Click Configure to configure the HTTP Request.

Option Action

HTTP Method Select Get.

HTTP Request URL Enter /health in the text box.

11. Click the HTTP Response Configuration tab to configure the HTTP response.

Option Action

HTTP Response Code Enter 200 in the text box and press Enter.

12. Click APPLY.

13. Click SAVE.

Task 5: Configure Server Pools
You create server pools for VMware Identity Manager and vRealize Automation. A server pool
consists of one or more servers that are configured and running the same application.

1. Click the SERVER POOLS tab.

2. Click ADD SERVER POOL.

3. Create the server pool for VMware Identity Manager.

Option Action

Name Enter vIDM-Pool in the text box.

Algorithm Select Least Connection.

Active Monitor Select default-icmp-lb-monitor.

4. Click Select Members.

5. Click ADD MEMBER to add the three VMware Identity Manager nodes.

Option Action (First Node) Action (Second Node) Action (Third Node)

Name Enter Lab-vIDM-01. Enter Lab-vIDM-02. Enter Lab-vIDM-03.

IP Enter 192.168.50.7. Enter 192.168.50.8. Enter 192.168.50.9.

Port Enter 443. Enter 443. Enter 443.

Weight Select 1. Select 1. Select 1.

State Select ENABLED. Select DISABLED. Select DISABLED.

6. Ensure that two pool members are in the Disabled state.

7. Click APPLY.

8. Click SAVE.

9. Create the server pool for vRealize Automation.

Option Action

Name Enter vRA-Pool in the text box.

Algorithm Select Least Connection.

Active Monitor Select vRA-Monitor.

10. Click Select Members.

11. Click ADD MEMBER to add the three vRealize Automation nodes.

Option Action (First Node) Action (Second Node) Action (Third Node)

Name Enter Lab-vRA-01. Enter Lab-vRA-02. Enter Lab-vRA-03.

IP Enter 192.168.50.11. Enter 192.168.50.12. Enter 192.168.50.13.

Port Enter 443. Enter 443. Enter 443.

Weight Select 1. Select 1. Select 1.

State Select ENABLED. Select ENABLED. Select ENABLED.

12. Click APPLY.

13. Click SAVE.

Task 6: Configure Virtual Servers
You create the virtual server for VMware Identity Manager and vRealize Automation. Virtual
servers receive all the client connections and distribute them among the servers.

1. Click the VIRTUAL SERVERS tab.

2. Click ADD VIRTUAL SERVER and select L4 TCP.

3. Create the virtual server for VMware Identity Manager.

Option Action

Name Enter vIDM-VIP in the text box.

IP Address Enter 192.168.50.6 in the text box.

Ports Enter 443 in the text box and press Enter.

Load Balancer Select vIDM-LB.

Server Pool Select vIDM-Pool.

Application Profile Select vIDM-App-Profile.

Persistence Select SOURCE IP.

Source IP Select vIDM-Persistence-Profile.

4. Click SAVE.

5. Click ADD VIRTUAL SERVER and select L4 TCP.

6. Create the virtual server for vRealize Automation.

Option Action

Name Enter vRA-VIP in the text box.

IP Address Enter 192.168.50.10 in the text box.

Ports Enter 443 in the text box and press Enter.

Load Balancer Select vRA-LB.

Server Pool Select vRA-Pool.

Application Profile Select vRA-App-Profile.

Persistence Select DISABLED.

7. Click SAVE.

8. Log out of NSX-T Policy Manager.

Lab 33 Configuring SSL Certificates Using Microsoft CA

Objective and Tasks


Generate certificate signing requests (CSR) from vRealize Suite Lifecycle Manager and generate
SSL certificates using Microsoft CA:

1. Generate Certificate Signing Requests

2. Separate the Private Key from Certificate Signing Request

3. Sign the SSL Certificates using Microsoft CA

4. Prepare PEM Encoded Certificates

5. Import the Certificates to vRealize Suite Lifecycle Manager

Task 1: Generate Certificate Signing Requests
You use vRealize Suite Lifecycle Manager to generate Certificate Signing Requests (CSR) for
VMware Identity Manager and vRealize Automation.

1. Open Chrome.

2. Select vRLCM-Clustered from the vRLCM favorites menu.

3. Log in using the credentials.

• User name: admin@local

• Password: VMware1!

4. Click Locker.

5. Click Generate CSR.


6. Generate a certificate signing request for VMware Identity Manager.

Option Action

Name Enter vIDM-CSR.

Common Name (CN) Enter lab-vidm.vclass.local.

Organization (O) Enter VMware.

Organization Unit (OU) Enter EDU.

Country Code (C) Enter US.

Locality (L) Enter Palo Alto.

State (ST) Enter CA.

Key Length Select 2048.

Server Domain/Hostname Enter lab-vidm.vclass.local, lab-vidm-01.vclass.local, lab-vidm-02.vclass.local, lab-vidm-03.vclass.local.

IP Address Enter 192.168.50.6, 192.168.50.7, 192.168.50.8, 192.168.50.9.

7. Click GENERATE.

8. Save the file to the C:\Materials\Certs\vIDM directory.

9. From vRealize Suite Lifecycle Manager, click Generate CSR.

10. Enter these details to generate a certificate signing request for vRealize Automation.

Option Action

Name Enter vRA-CSR.

Common Name (CN) Enter lab-vra.vclass.local.

Organization (O) Enter VMware.

Organization Unit (OU) Enter EDU.

Country Code (C) Enter US.

Locality (L) Enter Palo Alto.

State (ST) Enter CA.

Key Length Select 2048.

Server Domain/Hostname Enter lab-vra.vclass.local, lab-vra-01.vclass.local, lab-vra-02.vclass.local, lab-vra-03.vclass.local.

IP Address Enter 192.168.50.10, 192.168.50.11, 192.168.50.12, 192.168.50.13.

11. Click GENERATE.

12. Save the file to the C:\Materials\Certs\vRA directory.

Task 2: Separate the Private Key from the Certificate Signing Request
You edit the CSR and separate the private key files.

1. Navigate to the C:\Materials\Certs\vIDM folder.

2. Right-click the CSR_lab-vidm.vclass.local_EDU.pem file and click Edit with Notepad++.

3. Copy the entire text from -----BEGIN CERTIFICATE REQUEST----- until -----END CERTIFICATE REQUEST-----.

4. In the Notepad++ application, click File > New.

5. Paste the clipboard content.

This information is the CSR for VMware Identity Manager.

6. In the Notepad++ application, click File > Save As.

7. Enter vIDM.csr as the filename and save the file in the C:\Materials\Certs\vIDM
folder.

8. Click the CSR_lab-vidm.vclass.local_EDU.pem tab in Notepad++.

9. Copy the entire text from -----BEGIN PRIVATE KEY----- until -----END PRIVATE KEY-----.

10. In the Notepad++ application, click File > New.

11. Paste the clipboard content.

This content is the private key for VMware Identity Manager.

12. Press Enter at the end of the text to add an extra empty line.

This step helps you concatenate multiple files in future tasks.

13. In the Notepad++ application, click File > Save As.

14. Enter vIDM.key as the filename and save the file in the C:\Materials\Certs\vIDM
folder.

15. Navigate to the C:\Materials\Certs\vRA folder.

16. Right-click the CSR_lab-vra.vclass.local_EDU.pem file and click Edit with Notepad++.

17. Copy the entire text from -----BEGIN CERTIFICATE REQUEST----- until -----END CERTIFICATE REQUEST-----.

18. In the Notepad++ application, click File > New.

19. Paste the clipboard content.

This content is the CSR for vRealize Automation.

20. In the Notepad++ application, click File > Save As.

21. Enter vRA.csr as the filename and save the file in the C:\Materials\Certs\vRA
folder.

22. Click the CSR_lab-vra.vclass.local_EDU.pem tab in Notepad++.

23. Copy the entire text from -----BEGIN PRIVATE KEY----- until -----END PRIVATE KEY-----.

24. In the Notepad++ application, click File > New.

25. Paste the clipboard content.

This content is the private key for vRealize Automation.

26. Press Enter at the end of the text to add an extra empty line.

This step helps you concatenate multiple files in future tasks.

27. In the Notepad++ application, click File > Save As.

28. Enter vRA.key as the filename and save the file in the C:\Materials\Certs\vRA
folder.

Task 3: Sign the SSL Certificates Using Microsoft CA
You log in to the Domain Controller, which has the Microsoft Certificate Authority role enabled,
and issue certificates for VMware Identity Manager and vRealize Automation.

1. Open a new Chrome tab.

2. Click the Infrastructure > Microsoft Certificate Services bookmark.

3. Click the Download a CA certificate, certificate chain, or CRL hyperlink.

This step allows you to download the Microsoft CA root certificate.

4. Select Base 64.

VMware products do not support the DER certificate format.

5. Click the Download CA Certificate hyperlink.


You can download the Microsoft CA root certificate.

6. Save the certificate.

a. Enter Root64.cer as the name.

b. Navigate to the C:\Materials\Certs\vRA folder.

c. Click Save.

7. Save a copy of the same Root64.cer file to the vIDM folder.

The root certificate must be available in both the vRA and vIDM folders.

8. Go to the Microsoft Certificate Services window in Chrome and click Home at the top-right
corner.

9. Submit the certificate request.

a. Click Request a certificate.

b. Click advanced certificate request.

10. Navigate to the C:\Materials\Certs\vIDM folder.

11. Open the vIDM.csr file in Notepad++ and copy the entire content.

12. Go to Chrome and paste the CSR content in the Base-64-encoded certificate request text
box.

13. Select VMware from Certificate Template drop-down menu.

The VMware Template can be created using steps from the KB article:
https://kb.vmware.com/s/article/2112009

14. Click Submit.

15. Select Base 64 encoded and click Download certificate.

16. Save the certificate.

a. Enter vIDM.cer as the name.

b. Navigate to the C:\Materials\Certs\vIDM folder.

c. Click Save.

17. Click Home at the top-right corner.

18. Submit the certificate request.

a. Click Request a certificate.

b. Click advanced certificate request.

19. Navigate to the C:\Materials\Certs\vRA folder.

20. Open the vRA.csr file in Notepad++ and copy the content.

21. Switch to Chrome and paste the CSR content in the Base-64-encoded certificate request
text box.

22. Select VMware from the Certificate Template drop-down menu.

23. Click Submit.

24. Select Base 64 encoded and click Download certificate.

25. Save the downloaded certificate.

a. Enter vRA.cer as the name.

b. Navigate to the C:\Materials\Certs\vRA folder.

c. Click Save.

26. From the student desktop, navigate to the C:\Materials\Certs\vIDM folder.

27. Verify that you have the Root64.cer, vIDM.csr, vIDM.key, and vIDM.cer files.

If any file is missing, verify that you have performed all the earlier tasks correctly.

28. From the student desktop, navigate to the C:\Materials\Certs\vRA folder.

29. Verify that you have the Root64.cer, vRA.csr, vRA.key, and vRA.cer files.

If any file is missing, verify that you have performed all the earlier tasks correctly.

Task 4: Prepare the PEM Encoded Certificates
You combine the signed certificate, private key, and the root certificate to create the .pem files
for VMware Identity Manager and vRealize Automation.

1. On the student desktop, click the command prompt from the taskbar.

2. Enter the cd C:\Materials\Certs\vIDM command.

3. Enter the copy vIDM.cer + Root64.cer + vIDM.key vIDM.pem command.

This command combines the VMware Identity Manager certificate, private key, and root
certificate into a single .pem file.

4. Enter the cd C:\Materials\Certs\vRA command.

5. Enter the copy vRA.cer + Root64.cer + vRA.key vRA.pem command.

This step combines the vRealize Automation certificate, private key, and root certificate to a
single .pem file.
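
The manual split in Task 2 and the concatenation in this task can be checked with a script. The following is an added example, not part of the lab materials: it separates the CSR and private key blocks of one file, rebuilds the bundle in the order used by the copy command, and flags a bundle whose END and BEGIN markers ended up on one line because a file had no trailing newline. All function names are assumptions, and the sample blocks are constructed placeholders, not real keys or certificates.

```python
import base64
import re

# One PEM block; the BEGIN and END markers must carry the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)
# END and BEGIN on one line: two files were joined without a newline between.
FUSED = re.compile(r"-----END [A-Z0-9 ]+-----[ \t]*-----BEGIN [A-Z0-9 ]+-----")
# Order produced by the lab's copy command: signed cert, root cert, private key.
BUNDLE_ORDER = ["CERTIFICATE", "CERTIFICATE", "PRIVATE KEY"]


def encode_block(label, data):
    """Render bytes as one PEM block: 64-column base64 and a final newline."""
    b64 = base64.b64encode(data).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, "\n".join(lines), label)


def split_pem(text):
    """Return [(label, normalized_block)] for every PEM block in text."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label = match.group(1)
        body = "".join(match.group(2).split())  # drop line breaks and CRs
        try:
            data = base64.b64decode(body, validate=True)
        except ValueError as exc:
            raise ValueError("%s block is not valid base64: %s" % (label, exc))
        blocks.append((label, encode_block(label, data)))
    return blocks


def split_csr_file(text):
    """Task 2: separate the CSR and the private key stored in one file."""
    found = dict(split_pem(text))
    missing = [name for name in ("CERTIFICATE REQUEST", "PRIVATE KEY")
               if name not in found]
    if missing:
        raise ValueError("missing block(s): " + ", ".join(missing))
    return found["CERTIFICATE REQUEST"], found["PRIVATE KEY"]


def build_bundle(cert_pem, root_pem, key_pem):
    """Task 4: emit certificate, root and key in order, each ending in a newline."""
    out = []
    for part in (cert_pem, root_pem, key_pem):
        blocks = split_pem(part)
        if len(blocks) != 1:
            raise ValueError("each input must hold exactly one PEM block")
        out.append(blocks[0][1])
    return "".join(out)


def check_bundle(text):
    """Return a list of problems found in a combined .pem file."""
    problems = []
    if FUSED.search(text):
        problems.append("END and BEGIN markers share a line (missing newline)")
    labels = [label for label, _ in split_pem(text)]
    if labels != BUNDLE_ORDER:
        problems.append("expected blocks %s, found %s" % (BUNDLE_ORDER, labels))
    if PEM_BLOCK.sub("", text).strip():
        problems.append("unexpected text outside the PEM blocks")
    return problems


# Constructed sample data: placeholder payloads, not real keys or certificates.
CSR = encode_block("CERTIFICATE REQUEST", b"constructed CSR placeholder")
KEY = encode_block("PRIVATE KEY", b"constructed private key placeholder")
CERT = encode_block("CERTIFICATE", b"constructed signed certificate placeholder")
ROOT = encode_block("CERTIFICATE", b"constructed root certificate placeholder")

if __name__ == "__main__":
    csr, key = split_csr_file(CSR + KEY)
    # Files saved without a trailing newline and joined byte for byte.
    fused = CERT.rstrip("\n") + ROOT.rstrip("\n") + key
    print(check_bundle(fused))
    print(check_bundle(build_bundle(CERT.rstrip("\n"), ROOT, key)))
```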

Task 5: Import the Certificates to vRealize Suite Lifecycle Manager
You use vRealize Suite Lifecycle Manager to import the .pem files for VMware Identity Manager
and vRealize Automation.

1. Open Chrome.

2. Select vRLCM-Clustered from the vRLCM favorites menu.

3. Log in using the credentials.

• User name: admin@local

• Password: VMware1!

4. Click Locker.

5. Click IMPORT.

6. Enter vIDM-Cert in the Name text box.

7. Click BROWSE FILE.

8. Navigate to the C:\Materials\Certs\vIDM folder, select the vIDM.pem file, and click Open.

9. Click IMPORT.

10. Click IMPORT.

11. Enter vRA-Cert in the Name text box.

12. Click BROWSE FILE.

13. Navigate to the C:\Materials\Certs\vRA folder, select the vRA.pem file, and click
Open.

14. Click IMPORT.

Lab 34 Deploying the VMware Identity Manager Cluster

Objective and Tasks


Deploy the VMware Identity Manager cluster using the custom SSL certificates:

1. Reduce The Resource Load On the Management Cluster

2. Deploy the VMware Identity Manager Cluster

3. Validate the Deployment

Task 1: Reduce The Resource Load On the Management Cluster
You power off some virtual machines to increase the available resources.

1. Open Chrome.

2. Select vSphere Client from the Infrastructure favorites menu.

3. Log in using the credentials.

• User name: administrator@vsphere.local

• Password: VMware1!

4. Navigate to VMs and Templates.

5. Expand the Lab-VMs folder.

6. Right-click the SA-Ansible virtual machine and click Power > Shut Down Guest OS.

7. Right-click the SA-Gitlab virtual machine and click Power > Shut Down Guest OS.

Task 2: Deploy the VMware Identity Manager Cluster
You deploy the VMware Identity Manager cluster using the custom SSL certificate.

1. Open Chrome.

2. Select vRLCM-Clustered from the vRLCM favorites menu.

3. Log in using the credentials.

• User name: admin@local

• Password: VMware1!

4. Click Lifecycle Operations.

5. Click Create Environment from the left pane.

6. Slide the Install Identity Manager switch to the right to Enable to Install/Import Identity
Manager.

7. Enter the environment details.

Option Action

Environment Name (globalenvironment will already be entered and cannot be changed)

Default Password Select installerPassword.

Datacenter Select SA-Datacenter.

Join the VMware Customer Experience Improvement Program Deselect this option for the lab.

If you do not see InstallerPassword in the drop-down menu, create the password "VMware1!"
from the vRealize Suite Lifecycle Manager Locker and use it for the other labs.

If you do not see SA-Datacenter, create the datacenter with the following information:
vCenter Server=SA-vCSA-01.vclass.local, Username=administrator@vsphere.local, Password=VMware1!

8. Click NEXT.

9. Select the checkbox for VMware Identity Manager in the upper right corner of the catalog
card.

10. Select New Install for Installation Type.

11. Select 3.3.6 from the Version drop-down menu.

12. Select Cluster from the Deployment Type drop-down menu.

13. Click NEXT.

14. Scroll down and select the I agree to the terms & conditions check box.

15. Click NEXT.

16. Select vIDM-Cert and click NEXT.

17. Enter the infrastructure details.

Option Action

Select vCenter Server Select sa-vcsa-01.vclass.local.

Select Cluster Select SA-Datacenter#SA-Management.

Select Folder Leave Select Folder unselected.

Select Resource Pool Leave Select Resource Pool unselected.

Select Network Select vRA-LB.

Select Datastore Select SA-Shared-01.

Select Disk Mode Select Thin.

18. Enable the Use Content Library option.

19. Click NEXT.

20. Click +SELECT CONTENT LIBRARY ITEMS.

a. Expand vRA-Library.

i. Select vidm.

ii. Click SELECT.

21. Click NEXT.

22. Enter the network details.

Option Action

Default Gateway Enter 192.168.50.1.

Netmask Enter 255.255.255.0.

Domain Name Enter vclass.local.

Domain Search Path Enter vclass.local.

23. Edit the DNS Servers selection.

a. Click EDIT SERVER SELECTION for DNS Servers.

b. Select DNS-1.

c. Click NEXT.

d. Click FINISH.

24. Click NEXT.

25. Select Medium from the Node Size drop-down menu.

26. Use the default setting of OFF for FIPS Compliance Node.

27. Verify that InstallerPassword is selected for Admin Password (Port 443).

28. Enter configadmin@vclass.local in the Default Configuration Admin Email text box.

29. Enter configadmin in the Default Configuration Admin Username text box.

30. Verify that InstallerPassword is selected for Default Configuration Admin Password.

31. Select the Sync Group Members check box.

32. Enter the Cluster Virtual IP details.

Option Action

Cluster VIP FQDN Enter lab-vidm.vclass.local.

Database IP Enter 192.168.50.88.

33. Enter the vidm-primary details.

Option Action

VM Name Enter Lab-vIDM-01.

FQDN Enter lab-vidm-01.vclass.local.

IP Address Enter 192.168.50.7.

34. Enter the vidm-secondary-1 details.

Option Action

VM Name Enter Lab-vIDM-02.

FQDN Enter lab-vidm-02.vclass.local.

IP Address Enter 192.168.50.8.

35. Enter the vidm-secondary-2 details.

Option Action

VM Name Enter Lab-vIDM-03.

FQDN Enter lab-vidm-03.vclass.local.

IP Address Enter 192.168.50.9.

36. Click NEXT.

37. Verify that the precheck does not fail.

a. Click RUN PRECHECK.

b. Review the Manual Checks and select the I have taken care of the manual steps above
and ready to proceed check box.

c. Click RUN PRECHECK, which might take up to 3 minutes.

d. Verify that failed messages do not appear and that you see the message All validations
passed for this environment.

38. Click NEXT.

39. Review the Summary and click SUBMIT.

Monitor the VMware Identity Manager cluster create request. This operation might take over
an hour.

NOTE: If you see any errors during deployment, click Retry and Submit the default values in
vRealize Suite Lifecycle Manager.

Task 3: Validate the Deployment
You review the VMware Identity Manager pool status and log in to the console.

1. If you are logged out of vRealize Suite Lifecycle Manager, log in using the credentials.
• User name: admin@local
• Password: VMware1!

2. Click Lifecycle Operations.

3. Click Requests from the left pane.

Verify that the VMware Identity Manager cluster create operation has completed
successfully.

4. Open a new Chrome tab.

5. Select NSX Manager from the Infrastructure favorites menu.

6. Log in to the NSX-T Policy Manager.

• User name: admin

• Password: VMware1!VMware1!

7. Click the Networking tab.

8. From the left pane, click Load Balancing.

9. Click the SERVER POOLS tab.

10. Click the Degraded option next to the vIDM-Pool Status.


Ensure the following status:
• The Overall Status is Degraded.
• The Operational Status is Realized.
• The Status of primary node (192.168.50.7) is UP.
• The Status of secondary nodes is DISABLED.
The secondary nodes are in the disabled state to ensure the vRealize Automation cluster
installation succeeds.

11. Open a new Chrome tab.

12. Select vIDM-Clustered from the vIDM favorites menu.

13. Log in to the VMware Identity Manager console.

• User name: configadmin

• Password: VMware1!

You have logged in to the VMware Identity Manager console using the load balancer FQDN.

Lab 35 Deploying the vRealize
Automation Cluster

Objective and Tasks


Deploy the three-node vRealize Automation cluster using custom SSL certificates:

1. Deploy the vRealize Automation Cluster

Task 1: Deploy the vRealize Automation Cluster
You deploy the vRealize Automation cluster using custom SSL certificates.

1. Open Chrome.

2. Select vRLCM-Clustered from the vRLCM favorites menu.

3. Log in using the credentials.

• User name: admin@local

• Password: VMware1!

4. Click Lifecycle Operations.

5. Click Create Environment from the left pane.

6. Enter the environment details.

Option Action

Environment Name Enter vRA-8.7-Clustered.

Default Password Select installerPassword.

Select Datacenter Select SA-Datacenter.

Join the VMware Customer Experience Improvement Program Deselect this option for the lab environment.

7. Click NEXT.

8. Select the vRealize Automation product check box.

9. Select 8.7.0 from the Version drop-down menu.

10. Select Cluster from the Deployment Type drop-down menu.

11. Click NEXT.

12. Scroll down and select the I agree to the terms & conditions check box.

13. Click NEXT.

14. Create the license key.

a. Click ADD to add a new license key.


b. Enter vRA8-License for License Alias.

c. Go to https://vmware.bravais.com/s/1cG5O5KQwB0v2mNgNjDe, retrieve the vRealize
Automation license key, and enter it for the License key.

15. Click VALIDATE.

Validation might take a minute or two.

16. Click ADD.

17. Click SELECT.

18. Select vRA8-License and click UPDATE.

19. Click VALIDATE ASSOCIATION.

20. Click NEXT.

21. Select vRA-Cert and click NEXT.

22. Enter the infrastructure details.

Option Action

Select vCenter Server Select sa-vcsa-01.vclass.local.

Select Cluster Select SA-Datacenter#SA-Management.

Select Folder Do not select a folder.

Select Resource Pool Do not select a resource pool.

Select Network Select vRA-LB.

Select Datastore Select SA-Shared-01.

Select Disk Mode Select Thin.

23. Enable the Use Content Library option.

24. Click NEXT.

25. Click +SELECT CONTENT LIBRARY ITEMS.

a. Expand vRA-Library.

i. Select vra.

ii. Click SELECT.

26. Click NEXT.

27. Enter the network details.

Option Action

Default Gateway Enter 192.168.50.1.

Netmask Enter 255.255.255.0.

Domain Name Enter vclass.local.

Domain Search Path Enter vclass.local.

28. Click EDIT SERVER SELECTION.

a. Click EDIT SERVER SELECTION.

b. Select DNS-1.

c. Click NEXT.

d. Click FINISH.

29. Select Use NTP Server.

30. Click EDIT SERVER SELECTION.

a. Click EDIT SERVER SELECTION.

b. Select NTP-1.

c. Click NEXT.

d. Click FINISH.

31. Click NEXT.

32. Click Medium on the Node Size drop-down menu.

33. Leave FIPS Compliance Mode set to OFF.

34. Scroll down and enter lab-vra.vclass.local for vra-va FQDN.

35. Leave the SSL terminated at load-balancer check box deselected.

36. Enter the vrava-primary node details.

Option Action

VM Name Enter Lab-vRA-01.

FQDN Enter lab-vra-01.vclass.local.

IP Address Enter 192.168.50.11.

37. Enter the vrava-secondary-1 node details.

Option Action

VM Name Enter Lab-vRA-02.

FQDN Enter lab-vra-02.vclass.local.

IP Address Enter 192.168.50.12.

38. Enter the vrava-secondary-2 node details.

Option Action

VM Name Enter Lab-vRA-03.

FQDN Enter lab-vra-03.vclass.local.

IP Address Enter 192.168.50.13.

39. Click NEXT.

40. Click RUN PRECHECK.

41. There will be one failure message. The VMware Identity Manager node size check fails
with the indication that the VMware Identity Manager node size is too small. Ignore this
message because the VMware Identity Manager node size is acceptable for this lab
environment. If there are any other error messages, go back and resolve them.

42. Click NEXT.

43. Review the Summary and click SUBMIT.

Monitor the vRealize Automation cluster create request. This operation might take over an hour.

NOTE: If you see any errors during deployment, click Retry and Submit the default values in
vRealize Suite Lifecycle Manager.

Lab 36 Configuring Connector High
Availability

Objective and Tasks


Create a directory and add multiple connectors to enable high availability:

1. Join Appliances to a Domain

2. Create a Directory

3. Enable Connector High Availability

Task 1: Join Appliances to Domain
You log in to VMware Identity Manager and join appliances to the Active Directory domain.

1. Open Chrome.

2. Select vIDM-Clustered from the vIDM favorites menu.

3. Log in to the system domain.

• User name: configadmin

• Password: VMware1!

The configadmin user is the configuration administrator user name that you specify during
installation.

4. Click the Identity & Access Management tab.


5. Click Setup at the top-right corner.

6. Click Join Domain for the lab-vidm-01.vclass.local appliance.

7. Join the node to the domain.

Option Action

Domain Select Custom Domain.

Domain Name Enter vclass.local in the text box.

Domain User Enter administrator in the text box.

Domain Password Enter VMware1! in the text box.

8. Click Join Domain.

9. Use the earlier steps to join the lab-vidm-02.local appliance to the domain.

10. Use the earlier steps to join the lab-vidm-03.local appliance to the domain.

Task 2: Create a Directory
You create a directory to integrate VMware Identity Manager with the vclass.local Active
Directory.

1. Click Manage at the top-right corner.

2. Click Add Directory and select Add Active Directory over LDAP/IWA.

3. Enter VCLASS in the Directory Name text box.

4. Select lab-vidm-01.vclass.local from the Sync Connector drop-down menu.

5. In the Add Directory wizard, scroll down and configure the domain settings.

Option Action

Base DN Enter dc=vclass,dc=local in the text box.

Bind DN Enter cn=administrator,cn=users,dc=vclass,dc=local in the text box.

Bind User Password Enter VMware1! in the text box.

6. Click Test Connection.

Verify that the Connection is Successful message appears.

7. Click Save & Next.

8. Select the vclass.local domain and click Next.

9. Review the required attributes on the Map User Attributes page and click Next.

10. Click the plus (+) icon at the top-right corner.

11. Enter ou=FIN,dc=vclass,dc=local as the group DN.


All the groups from the Finance Organizational Unit in Active Directory are synchronized to
the VMware Identity Manager database.

12. Click Find Groups.

13. Select the Select All check box to select all the groups from the Finance OU.

14. Click Next.


15. Click the X icon to delete the cn=administrator,cn=users,dc=vclass,dc=local user.

IMPORTANT

Do not add users. You can add users to enterprise groups and synchronize the groups.

16. Click Next.

17. Click Sync Directory.

Task 3: Enable Connector High Availability
You edit the identity provider and add additional connectors to enable high availability.

1. Click the Identity Providers tab.

2. Click WorkspaceIDP__1.

3. From the Add a Connector drop-down menu, select lab-vidm-02.vclass.local.

4. Enter VMware1! as the bind user password.


5. Click Add Connector.

6. Use the earlier steps to add the lab-vidm-03.vclass.local connector.

7. Edit the IdP host name to lab-vidm.vclass.local.

8. Click Save.

9. Log out as configadmin from the top-right corner.

Lab 37 Failing Over the VMware
Identity Manager Node

Objective and Tasks


Shut down the primary VMware Identity Manager node and monitor the failover:
1. Review the VMware Identity Manager Cluster Health

2. Shut Down the Primary Node and Monitor the Cluster

3. Power On the Node and Monitor the Cluster

Task 1: Review the VMware Identity Manager Cluster Health
You check the cluster health and review the roles assigned to the VMware Identity Manager
cluster nodes.

1. Open Chrome.

2. Select vRLCM-Clustered from the vRLCM favorites menu.

3. Log in by using the credentials.

• User name: admin@local

• Password: VMware1!

4. Click the bell notification icon at the top-right corner.

The vIDM postgres cluster health status is ok message appears.

5. Click the X icon to clear the notification.

6. Click the MTPuTTY icon on the toolbar of the Student-A desktop.

7. Double-click Lab-vIDM-01.

8. Obtain the pgpool password.

cat /usr/local/etc/pgpool.pwd

9. Select the password and use Ctrl+C to copy the password into the cut and paste buffer.

10. Save the password in a new tab in Notepad++.

11. Obtain the pgpool master.

su root -c "echo -e '<password>'|/usr/local/bin/pcp_watchdog_info -p 9898 -h localhost -U pgpool"

NOTE

You can copy this command from the C:\Materials\Commands\vIDM-Cluster.txt file and
paste it. But you must edit the command and paste the actual password in as a replacement
for <password> in -e '<password>'. The password must be inside the single quotes. For
example:

su root -c "echo -e '8f20a13bc339421b86b8de81af588192'|/usr/local/bin/pcp_watchdog_info -p 9898 -h localhost -U pgpool"

Only one of the VMware Identity Manager nodes must be assigned the MASTER role.

12. Obtain the Postgres primary node.

su postgres -c "echo -e '<password>'|/opt/vmware/vpostgres/current/bin/psql -h localhost -p 9999 -U pgpool postgres -c \"show pool_nodes\""

NOTE

Use the same password that you used to determine the master node.

13. Record the IP address for the node that has the PostgreSQL primary role. __________

NOTE

Only one node is assigned the PostgreSQL primary role.

14. Use SSH to access the PostgreSQL primary node.

IP Address Host Name

192.168.50.7 Lab-vIDM-01

192.168.50.8 Lab-vIDM-02

192.168.50.9 Lab-vIDM-03

15. Review the delegate IP address.

ifconfig eth0:0 | grep 'inet addr:' | cut -d: -f2


This response must be 192.168.50.88 Bcast.

Leave the SSH session open for the next task.

Task 2: Shut Down the Primary Node and Monitor the Cluster
You shut down the primary Workspace ONE Access node and monitor the failover.

1. Use SSH to access the PostgreSQL primary node.

You recorded the IP address in an earlier task.

IP Address Host Name

192.168.50.7 Lab-vIDM-01

192.168.50.8 Lab-vIDM-02

192.168.50.9 Lab-vIDM-03

2. Shut down the primary node.

shutdown -h now

3. Use SSH to access one of the remaining Workspace ONE Access nodes.

4. Obtain the pgpool master.

su root -c "echo -e '<password>'|/usr/local/bin/pcp_watchdog_info -p 9898 -h localhost -U pgpool"

5. Obtain the Postgres primary node.

su postgres -c "echo -e '<password>'|/opt/vmware/vpostgres/current/bin/psql -h localhost -p 9999 -U pgpool postgres -c \"show pool_nodes\""

The primary role is assigned to a different node.

6. Use SSH to access the PostgreSQL primary node.

IP Address Host Name

192.168.50.7 Lab-vIDM-01

192.168.50.8 Lab-vIDM-02

192.168.50.9 Lab-vIDM-03

7. Review the delegate IP address.

ifconfig eth0:0 | grep 'inet addr:' | cut -d: -f2


This response must be 192.168.50.88 Bcast.

8. Leave your SSH session logged into one of the VMware Identity Manager nodes.

9. Switch to the Lifecycle Manager Chrome tab.

10. Click Environments in the left pane.

11. Click VIEW DETAILS for globalenvironment.

12. Trigger a cluster health check.

a. Click the dotted horizontal line.

b. Click Trigger Cluster Health.

c. Click SUBMIT.

The request completes successfully and a notification appears at the top-right corner. If
you do not see the notification, refresh the browser tab.

13. Click the bell notification icon at the top-right corner.

The vIDM postgres cluster health status is critical message appears. The status reports
critical because one of the nodes is down.

14. Click the X icon to clear the notification.

Leave the vRealize Suite Lifecycle Manager window open for the next task.

Task 3: Power On the Node and Monitor the Cluster
You power on the VMware Identity Manager node and monitor the cluster status.

1. Open a tab in Chrome.

2. Select vSphere Client from the Infrastructure favorites menu.

3. Log in to the vSphere Client.

• User name: administrator@vsphere.local

• Password: VMware1!

4. Power on the VMware Identity Manager node that you shut down earlier.

You might need to wait for 5 minutes for the service to initialize.

5. Return to your session in MTPuTTY that is logged into one of the VMware Identity Manager
nodes.

6. Use the up arrow to repeat the command to obtain the pgpool master.

su root -c "echo -e '<password>'|/usr/local/bin/pcp_watchdog_info -p 9898 -h localhost -U pgpool"

The MASTER and STANDBY roles must be assigned to the respective nodes.

7. Obtain the Postgres primary node.

su postgres -c "echo -e '<password>'|/opt/vmware/vpostgres/current/bin/psql -h localhost -p 9999 -U pgpool postgres -c \"show pool_nodes\""

8. Record the primary node. __________

9. Verify that the status of all the nodes is up.

10. If the status of the powered on node is down, use SSH to access the node.

IP Address Host Name

192.168.50.7 Lab-vIDM-01

192.168.50.8 Lab-vIDM-02

192.168.50.9 Lab-vIDM-03

11. Stop the Postgres service.

service vpostgres stop

12. Recover the failed node.

/usr/local/bin/pcp_recovery_node -h 192.168.50.88 -p 9898 -U pgpool -n <node_id>

You recorded the node-ip in a previous step.

13. Enter the same password if prompted.

14. Validate the status.


su postgres -c "echo -e '<password>'|/opt/vmware/vpostgres/current/bin/psql -h localhost -p 9999 -U pgpool postgres -c \"show pool_nodes\""

15. Verify that the status of all the nodes is up.

16. Click Environments from the left pane.

17. Click VIEW DETAILS for globalenvironment.

18. Trigger a cluster health check.

a. Click the dotted horizontal line.

b. Click Trigger Cluster Health.

c. Click SUBMIT.

The request completes successfully and a notification appears at the top-right corner. If
you do not see the notification, refresh the browser tab.

19. Click the bell notification icon at the top-right corner.

The vIDM postgres cluster health status is ok message appears.

20. Log out of vRealize Suite Lifecycle Manager and close the browser tab.

21. Exit all the SSH sessions and close the MTPuTTY application.
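
The role and status checks in Tasks 1 to 3 of this lab can be scripted. The following is an added example, not part of the lab materials: it reads show pool_nodes output on standard input and reports the primary node and any node whose status is not up. The two sample tables are constructed, the function names are hypothetical, and the column layout is an assumption, which is why columns are located by header name rather than by position.

```shell
#!/bin/sh
# Added example: summarise `show pool_nodes` output read on stdin.
# Prints  primary=<host|none|multiple> primaries=<n> not_up=<node ids|none>
# Returns 0 only when exactly one node is primary and every node is "up",
# 1 when the cluster needs attention, 2 when no result table was found.
pool_nodes_summary() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # Header row: record each column position by name, because the
        # set of columns can differ between pgpool releases (assumption).
        !have_header && /node_id/ {
            for (i = 1; i <= NF; i++) col[trim($i)] = i
            have_header = 1
            next
        }
        # Ignore anything before the header (for example a password prompt),
        # the ----+---- rule, blank lines and the "(3 rows)" footer.
        !have_header || /^[-+ ]*$/ || /^[(]/ { next }
        {
            id     = trim($(col["node_id"]))
            host   = trim($(col["hostname"]))
            status = trim($(col["status"]))
            role   = trim($(col["role"]))
            if (role == "primary") { primaries++; primary = host }
            if (status != "up") not_up = (not_up == "" ? id : not_up "," id)
        }
        END {
            if (!have_header) { print "no pool_nodes header found"; exit 2 }
            if (primaries == 0) primary = "none"
            if (primaries > 1)  primary = "multiple"
            printf "primary=%s primaries=%d not_up=%s\n", primary, primaries, (not_up == "" ? "none" : not_up)
            exit !(primaries == 1 && not_up == "")
        }'
}

# Constructed sample: all three lab nodes healthy.
sample_healthy() {
    cat <<'EOF'
 node_id |   hostname   | port | status | lb_weight |  role
---------+--------------+------+--------+-----------+---------
 0       | 192.168.50.7 | 5432 | up     | 0.333333  | primary
 1       | 192.168.50.8 | 5432 | up     | 0.333333  | standby
 2       | 192.168.50.9 | 5432 | up     | 0.333333  | standby
(3 rows)
EOF
}

# Constructed sample: Lab-vIDM-01 shut down, primary role moved to Lab-vIDM-02.
sample_after_failover() {
    cat <<'EOF'
 node_id |   hostname   | port | status | lb_weight |  role
---------+--------------+------+--------+-----------+---------
 0       | 192.168.50.7 | 5432 | down   | 0.333333  | standby
 1       | 192.168.50.8 | 5432 | up     | 0.333333  | primary
 2       | 192.168.50.9 | 5432 | up     | 0.333333  | standby
(3 rows)
EOF
}

# Demonstration on the constructed failover table.
sample_after_failover | pool_nodes_summary || echo "cluster needs attention"
```

On an appliance, pipe the output of the show pool_nodes command from this lab into pool_nodes_summary instead of the sample functions.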

Lab 38 Reviewing the vRealize
Automation Cluster

Objective and Tasks


View the vRealize Automation cluster and deployed services:

1. View the Cluster Status

2. View the Kubernetes Core Services

3. View the vRealize Automation Services and Pods

Task 1: View the Cluster Status
You view the vRealize Automation cluster status from the load balancer and the command line.

1. Open Chrome.

2. Select NSX Manager from the Infrastructure favorites menu.

3. Log in to NSX Policy Manager.

• User name: admin

• Password: VMware1!VMware1!

4. Click the Networking tab.

5. Click Load Balancing in the left pane.

6. Click the SERVER POOLS tab.

7. Click the Success status for vRA-Pool.

Verify that the following status is UP:

• Overall status

• Operational status

• Status of all the three nodes

8. Log out of NSX Policy Manager and close the Chrome tab.

9. Start MTPuTTY from the taskbar.

10. Double-click Lab-vRA-01.

11. Verify the cluster status.


vracli status

Task 2: View the Kubernetes Core Services
You view the core (first boot) services that Kubernetes includes in the vRealize Automation
appliance.

1. If you are logged out of the MTPuTTY session, double-click the Lab-vRA-01 server.

2. List the network adapters.

ifconfig | less

3. Enter q to exit from the list.

4. List the namespaces.

kubectl get namespaces


5. Run the command to list the kube-system pods.

kubectl get pods -n kube-system


6. List the ingress pods.

kubectl get pods -n ingress


7. Close the MTPuTTY application.

Task 3: View the vRealize Automation Services and Pods
You view the Kubernetes services that vRealize Automation includes.

1. If you are logged out of the MTPuTTY session, double-click the Lab-vRA-01 server.

2. List the namespaces.


kubectl get namespaces

3. List the vRealize Automation pods.

kubectl get pods -n prelude


4. List the vRealize Automation services.

kubectl get services -n prelude


5. List the vRealize Automation deployments.

kubectl get deployments -n prelude


6. Close the MTPuTTY application.

Lab 39 Failing Over the vRealize
Automation Node

Objective and Tasks


Shut down the primary vRealize Automation appliance and monitor the cluster health:

1. Shut Down the Primary Node and Monitor the Cluster

Task 1: Shut Down the Primary Node and Monitor the Cluster
You shut down the primary vRealize Automation node and monitor the failover.

1. Start MTPuTTY from the taskbar.

2. Double-click Lab-vRA-01.

3. Verify the cluster status.


vracli status

4. Shut down the primary node.

shutdown -h now

5. SSH to the Lab-vRA-02 node.

6. Verify the cluster status.

vracli status

The primary vRealize Automation node could be postgres-1, which correlates to the
Lab-vRA-02 VM. It is possible that the primary node is postgres-2, which correlates to the
Lab-vRA-03 VM.

7. Open Chrome.

8. Select vRA-Clustered from the vRA favorites menu.

9. Click GO TO LOGIN PAGE.

10. Log in to the vRealize Automation console.

• User name: configadmin

• Password: VMware1!

11. Click Cloud Assembly.

12. Click the Infrastructure tab.

13. Under Connections, click Cloud Accounts.

14. Click +ADD CLOUD ACCOUNT.

15. Click vCenter.

16. Create a vCenter Server cloud account.

Option Action

Name Enter SA-vCSA-01 in the text box.

vCenter IP address/FQDN Enter sa-vcsa-01.vclass.local in the text box.

Username Enter administrator@vsphere.local in the text box.

Password Enter VMware1! in the text box.

17. Leave the Chrome tab open for the next task.

You added a cloud account to demonstrate that the vRealize Automation cluster can manage
one node failure.

Lab 40 Troubleshooting Scenario:
Correct a Blueprint from a YAML File

Task 1: Import a Blueprint


Import a YAML file from a developer to the blueprint system and correct mistakes. The developer
has never worked with vRealize Automation, so there are a few errors in the YAML file.

1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.

IMPORTANT

Verify that you log in to the vRA-Standard system.

a. Open Chrome.

If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.

b. Click the vRA > vRA-Standard bookmark in Chrome.

NOTE

If you see a Your connection is not private warning, click Advanced and click Proceed
to sa-vra-01.vclass.local (unsafe).

c. Click GO TO LOGIN PAGE.

NOTE

If you see a Your connection is not private warning, click Advanced and click Proceed
to sa-vidm-01.vclass.local (unsafe).

d. Verify that the vclass.local domain is selected and click Next.

e. Log in with the ENG-CA-Admin user account and the VMware1! password.

f. Click Cloud Assembly.

2. Click the Design tab.

3. Click Blueprints.

4. Click UPLOAD.

5. Enter Troubleshooting Scenario in the Name text box.

6. Enter This is a troubleshooting blueprint deployment. in the Description text box.

7. Click VMW-ENG from the Project drop-down menu.

8. Click the No file chosen text to open the file navigation window.

a. Navigate to C:\Materials\blueprints.

b. Click the troubleshooting scenario 2.yaml name.

c. Click Open.

9. Click UPLOAD.

10. The imported blueprint will have a few errors.

a. What happens during the validation test?

b. Do you see any formatting issue?

c. What objects are called in the blueprint?

Task 2: Overview of Troubleshooting Techniques
1. Validate the blueprint using the VALIDATE button.

a. The validation system guides you to the first issue in the YAML file from top to bottom.
You must validate multiple times to find all the issues.

b. What errors are shown on the screen?

c. What objects are called, and what tags are associated with the objects? Do they
correspond to the correct networks?

2. Investigate the tags against the infrastructure. You can copy the tags from the blueprint
and retype the start of a tag to auto-populate the tags.

a. Do the objects reference valid templates and blueprints in vCenter Server?

b. Are the tags correct? Spelling and capitalization are important in blueprints.

3. Validate object names against their references.

a. Do the names and objects reference the right values in the rest of the blueprint? Many
objects can be customized to new names.

Task 3: Resolution
1. Resolving this issue requires an understanding of blueprints, tagging, and resource deployments.

2. The first step is running the validation test. You receive direct errors on YAML lines to
resolve. You see a VALIDATE button on the bottom of the blueprint.

3. The red exclamation point and warning message mention an indentation issue with the
volume name field. This is because the name has to be in the properties field. Copy the name
field from the current location and place it under properties. The indentation should match
the indentation of capacityGb.

4. The red exclamation point should now move to the next name field. Notice that the input
value does not match the previous field. The Inputs.hostname should state Input.Hostname
since it is case sensitive and Input is a predefined variable type.

5. The red exclamation point now moves to the network line, - network:
'${resource.Cloud_NSX_Network_1.id}'. This line was generated by dragging the network
object to the machine object. After the line was created, the network name was changed to
SA-Management, so the value no longer matches. This can be corrected by either dragging the
line from SA-Management to the machine object or changing the text to - network:
'${resource.SA-Management.id}'.

6. A follow-up validation should give a green banner across the top. You should now be able to
deploy the virtual machine and see the added drive, and the virtual machine should be
connected to the network.
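
The renamed-resource problem in step 5 can also be caught outside the designer. The following is an added example, not part of the lab materials: it lists every ${resource.<name>...} expression whose name is not declared under resources:. The blueprint in sample_blueprint is constructed and trimmed to the lines the check needs, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report ${resource.<name>...} references in a blueprint
# (read on stdin) that do not match any key declared under "resources:".
# Prints "line <n>: <name>" per stale reference; returns 1 if any were found.
stale_resource_refs() {
    awk '
        /^resources:[ \t]*$/ { in_res = 1; next }
        /^[^ \t#]/           { in_res = 0 }   # another top-level key ends the section
        # Resource names are the keys indented exactly two spaces under resources:
        in_res && /^  [^ \t#-][^:]*:[ \t]*$/ {
            name = $0
            sub(/^  /, "", name); sub(/:[ \t]*$/, "", name)
            declared[name] = 1
        }
        # Collect every reference; a resource may be used before it is declared,
        # so the comparison happens in END.
        {
            rest = $0
            while (match(rest, /[$][{]resource[.][^.}]+/)) {
                n++
                ref_name[n] = substr(rest, RSTART + 11, RLENGTH - 11)  # skip "${resource."
                ref_line[n] = NR
                rest = substr(rest, RSTART + RLENGTH)
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(ref_name[i] in declared)) {
                    printf "line %d: %s\n", ref_line[i], ref_name[i]
                    stale++
                }
            exit (stale > 0)
        }'
}

# Constructed blueprint fragment: the network resource was renamed to
# SA-Management, but the machine still references Cloud_NSX_Network_1.
sample_blueprint() {
    cat <<'EOF'
formatVersion: 1
resources:
  Cloud_vSphere_Machine_1:
    type: Cloud.vSphere.Machine
    properties:
      networks:
        - network: '${resource.Cloud_NSX_Network_1.id}'
      attachedDisks:
        - source: '${resource.Cloud_Volume_1.id}'
  Cloud_Volume_1:
    type: Cloud.Volume
    properties:
      name: datadisk
      capacityGb: 5
  SA-Management:
    type: Cloud.NSX.Network
EOF
}

# Demonstration on the constructed fragment.
sample_blueprint | stale_resource_refs || echo "stale references found"
```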

Answer Key

Lab 3 Troubleshooting an Advanced Blueprint


Q1. What is the first problem in the YAML code?
A1. The Setting Hostname string is missing a closing quotation.
Q2. What is the second problem in the YAML code?
A2. The hostnamectl command does not use the correct host name variable.
Q3. What is the third problem in the YAML code?
A3. A colon was not properly escaped with two following double quotation marks. This code
is on the code line 73 where the code is - echo " ens160:"" >>
/root/myconfig/50-cloud-init.yaml .
Q4. Do any other problems exist in the YAML code?
A4. The - mkdir /datadisk command is incorrectly indented.
Lab 9 Deploying the Blueprint and Validating the NSX-T Data Center Objects
Q1. Do you see three networks created from Web, App, and DB profiles?
A1. Yes.
Q2. In the Logical ports column, why do you see four ports for the Net-Web logical switch?
A2. The blueprint has deployed two web nodes.
Q3. Do you see three Tier-1 routers for Web, App, and DB VMs?
A3. Yes.
Q4. Are the Tier-1 routers connected to the Tier-0 router?
A4. Yes.
Q5. Do you see three on-demand security groups created for Web, App, and DB VMs?
A5. Yes.
Q6. Why do you see two Direct Members for the SG-Web security Group?
A6. The blueprint has deployed two web nodes.
Q7. What is the Destination defined for Web-Block-Rule?

A7. VMware-Common-Web security group.
Q8. Do you see the LB-Web prefix assigned for the load balancer?
A8. Yes.
Q9. What is the protocol and port assigned to the virtual server?
A9. TCP 443.
Q1. You cannot ping the Web node but you can use SSH. Why?
A1. A security rule exists in NSX-T Data Center to block the ICMP traffic.
Q2. You cannot access port 80. You are able to access port 443. Why?
A2. A security rule is in NSX-T Data Center to block the HTTP traffic.
Lab 19 Troubleshooting an ABX Flow
Q1. What is missing?
A1. A variable named tagControl.
Q2. Where is the tagControl variable defined?
A2. The tagControl variable must be defined before you use it in a switch. You can
hard-code it to the action-flow code. The most useful place to define the variable is in the
previous action (Bad-Rename-vSphere-VM) and to base it off of the tagControl YAML custom
property. The tagControl custom property is loaded from the tagInput variable.
Q1. Is the tagControl variable defined, based on the tagControl custom property?
A1. Yes. The tagControl = inputs.customProperties.tagControl; statement
exists.
Q2. Is the tagControl variable passed as an output to the main action flow?
A2. No. The new VM name is passed as an output in outputs.resourceNames[0] =
newName; but no output line for tagControl exists.
Lab 24 Calling Cloud Assembly and vRealize Orchestrator from vRealize
Automation Code Stream
Q1. What is the problem?
A1. The YAML blueprint has a pattern that forces input values to be in the 172.20.11.180 -
172.20.11.199 range. You ran the pipeline with the default inputs. The default IP in the
pipeline is set to 172.20.11.175, which is outside the allowed range.
Lab 30 Troubleshooting Ansible and vRealize Automation
Q1. Is there a problem in groups part of the YAML code?
A1. Yes, the groups in the YAML code must be nginxWebServers, not nginxWebServer.
Q2. What is the first problem in the YAML code?

A2. The Ansible integration account is set to SA-Ansibles. It must be set to SA-Ansible.
Q3. What is the second problem in the YAML code?
A3. The Cloud_Ansible_1 component is not connected to Cloud_vSphere_Machine_1.
Q1. What is the problem?
A1. A communications problem between the Ansible Control Machine and the virtual machine
on which it is trying to install software exists.
Q2. What is the problem?
A2. The playbook run does not work from vRealize Automation. A communications problem
between Ansible and the virtual machine it configures exists.
Q3. Ansible always uses SSH to communicate. What user account is the YAML blueprint
trying to use to log into the virtual machine from the Ansible Control Machine?
A3. The vmware user account.
Q4. Does the user account vmware exist? Does the account have the rights to log in from
SSH?
A4. If you open a console to the virtual machine that was deployed, you can confirm that the
vmware user account exists and you can log in with the user account. If you try to use
the MTPuTTY application to connect to the deployed virtual machine using the vmware
user account, the SSH session fails. The vmware user account does not have the rights to
log in from SSH.
Q1. What is the problem?
A1. A syntax error in the Ansible playbook on the Ansible server exists. The error might exist
in line 29, column 11.
Q2. What is the problem?
A2. The code in the task install nginx has a semicolon instead of a colon.
Q1. Did your blueprint deploy successfully?
A1. If you have corrected all errors, the blueprint must deploy successfully.
