Copyright © 2022 VMware, Inc. All rights reserved. This manual and its accompanying
materials are protected by U.S. and international copyright and intellectual property laws.
VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of
VMware, Inc. in the United States and/or other jurisdictions. All other marks and names
mentioned herein may be trademarks of their respective companies. VMware vSphere®
Client™, VMware vSphere®, VMware vRealize® Suite Lifecycle Manager™, VMware vRealize®
Orchestrator™, VMware vRealize® Automation Code Stream™, VMware vRealize®
Automation Cloud™, VMware vRealize® Automation™, VMware vRealize®, VMware vCenter
Server®, VMware Workspace ONE® Access™, VMware View®, VMware Horizon® View™,
VMware Verify™, VMware Cloud™ on AWS GovCloud (US), VMware Cloud™ on AWS
Outposts, VMware Service Broker™, VMware Photon™, VMware NSX-T™ Data Center,
VMware NSX-T™, VMware NSX® Manager™, VMware NSX®, VMware Go™, VMware ESXi™,
VMware Code Stream™, VMware Cloud Assembly™ and VMware ACE™ are registered
trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All
other marks and names mentioned herein may be trademarks of their respective companies.
The training material is provided “as is,” and all express or implied conditions, representations,
and warranties, including any implied warranty of merchantability, fitness for a particular
purpose or noninfringement, are disclaimed, even if VMware, Inc., has been advised of the
possibility of such claims. This material is designed to be used for reference purposes in
conjunction with a training course.
The training material is not a standalone training tool. Use of the training material for self-
study without class attendance is not recommended. These materials and the computer
programs to which it relates are the property of, and embody trade secrets and confidential
information proprietary to, VMware, Inc., and may not be reproduced, copied, disclosed,
transferred, adapted or modified without the express written approval of VMware, Inc.
www.vmware.com/education
Typographical Conventions
• <ESXi_host_name>
Contents
Task 2: Deploy Your Blueprint
Task 3: Examine the Blueprint with the Front-End Server Added
Task 4: Verify Your Static IP Input Variables for the Front-End Server
Task 5: Examine the Software Packages
Task 6: Examine the MySQL User Configuration
Task 7: Examine Your Network Configuration for the Front-End Server
Task 8: Examine the MySQL User Configuration
Task 9: Examine the Complete YAML for the Front-End Virtual Machine
Task 10: Test and Delete the Two Servers
Lab 6 Installing phpMyAdmin
Task 1: Upload a YAML Blueprint That Deploys a Front-End Server With phpMyAdmin Installed
Task 2: Deploy Your Blueprint
Task 3: Examine the Installation Code for the phpMyAdmin Server
Task 4: Test and Delete the Deployment
Lab 7 Configuring phpMyAdmin to Connect to the MySQL Server
Task 1: Upload the YAML Blueprint
Task 2: Deploy Your Blueprint
Task 3: Examine the YAML Code That Connects the Front-End phpMyAdmin Server to the Back-End MySQL Server
Task 4: Test and Delete the Two Servers
Task 5: Redeploy Your Blueprint with Nondefault Variables
Lab 8 Creating a Blueprint Using the NSX-T Data Center Components
Task 1: Create Network Profiles
Task 2: Create the Multitier Blueprint: Define Virtual Machines
Task 3: Create the Multitier Blueprint: Define Networks
Task 4: Create the Multitier Blueprint: Define Security Groups
Task 5: Create the Multitier Blueprint: Define the Load Balancer
Task 6: Connect Network Components to Virtual Machines
Lab 9 Deploying the Blueprint and Validating the NSX-T Data Center Objects
Task 1: Deploy the 3-Tier Blueprint
Task 2: Review the Deployed NSX-T Data Center Objects
Task 3: Validate the Application and Load Balancer
Task 4: Validate the Security Rules
Task 5: Save the Lab Resources
Lab 10 Using vRealize Orchestrator to Create a DNS Entry When vRealize Automation Deploys a System
Task 1: Prepare Your PowerShell Host
Task 2: Connect Your PowerShell Endpoint in vRealize Orchestrator
Task 3: Import and Modify a YAML Blueprint That Creates an Ubuntu VM with a Static IP Address
Task 4: Import a vRealize Orchestrator Package
Task 5: Wait for the Data Collection
Task 6: Create a Subscription
Task 7: Deploy Your Ubuntu System
Lab 11 Using vRealize Orchestrator to Delete a DNS Entry When vRealize Automation Deploys a System
Task 1: Import and Modify a vRealize Orchestrator Workflow
Task 2: Wait for the Data Collection
Task 3: Create a Subscription
Task 4: Delete the Ubuntu System
Lab 12 Creating a Custom Resource to Manage Active Directory Users
Task 1: Connect Your Active Directory Server in vRealize Orchestrator
Task 2: Connect Your vCenter Server System in vRealize Orchestrator
Task 3: Create a Custom Resource
Task 4: Import and Modify a YAML Blueprint That Creates an Ubuntu VM with a User Account
Task 5: Deploy the Ubuntu System and Test the Custom Resource
Task 6: Test the Add a User to a User Group Additional Action
Task 7: Test the Additional Actions
Task 8: Delete the Ubuntu System and the Active Directory User
Lab 13 Creating a Resource Action to Move a Virtual Machine to a Folder
Task 1: Deploy a Virtual Machine to Test Your Resource Action
Task 2: (Optional) Add a vCenter Server Instance to vRealize Orchestrator
Task 3: Create Your Binding Action
Task 4: Test Your Binding Action
Task 5: Create a vRealize Automation Resource Action
Task 6: Test Your Resource Action
Lab 14 Creating a Content Source from vRealize Orchestrator
Task 1: Create a Content Source from a vRealize Orchestrator Workflow
Task 2: Share the New Content
Task 3: Run the New Catalog Item
Task 4: Verify the Deployment
Lab 15 Creating an ABX Action to Rename a Virtual Machine
Task 1: Create an Action Script
Task 2: Create a Subscription
Task 3: Upload a Blueprint
Task 4: Test Your Action by Deploying the Blueprint
Task 5: Delete the Deployment to Save the Lab Resources
Task 6: Disable the Rename VM on Deployment Subscription
Lab 16 Creating an ABX Action to Tag a Virtual Machine
Task 1: Create an Action Script
Task 2: Create a Subscription
Task 3: Upload and Modify a Blueprint
Task 4: Test Your Action by Deploying the Blueprint
Task 5: Delete the Deployment to Save the Lab Resources
Lab 17 Creating an ABX Action to Dump the Payload
Task 1: Create an Action Script
Task 2: Create a Subscription
Task 3: Test Your Action By Deploying the Blueprint
Task 4: Delete the Deployment to Save the Lab Resources
Lab 18 Combining ABX Actions to an ABX Flow
Task 1: Create an Action Flow
Task 2: Add a Conditional Statement to Your Action Flow
Task 3: Modify the First Action Script to Output Custom Properties
Task 4: Create a Subscription
Task 5: Modify an Existing Blueprint
Task 6: Test Your Action by Deploying the Blueprint
Task 7: Verify Your Deployments and Actions
Task 8: Delete the Deployment to Save the Lab Resources
Lab 19 Troubleshooting an ABX Flow
Task 1: Import Several Actions
Task 2: Create a Subscription
Task 3: Test Your Action by Deploying the Blueprint
Task 4: Troubleshoot the Problems in Your Actions
Task 5: Correct the Code in Bad-Rename-vSphere-VM
Task 6: Test Your Corrected Action by Deploying the Blueprint
Task 7: Verify Your Deployments and Actions
Task 8: Delete the Deployments to Save the Lab Resources
Lab 20 Build a Deployment in Kubernetes
Task 1: Build a Simple Container
Task 2: Expose the Container to the Cluster IP
Task 3: Create a Single Deployment
Task 4: Deploy the Pod and Service
Lab 21 Deploying a Load Balanced Deployment in Kubernetes
Task 1: Create a Replica Set of Multiple Pods
Task 2: Deploy and Verify the Replica Set
Lab 22 Using vRealize Automation Code Stream to Deploy a Basic Container
Task 1: Create a Kubernetes Namespace
Task 2: Set Up the Pipeline
Task 3: Set Up Parameters for the Pod
Task 4: Set Up Parameters for the Network Service
Task 5: Deploy the Container
Task 6: Verify Your Container Creation
Lab 23 Using vRealize Automation Code Stream to Build a Replica Set Container with a Load Balancer
Task 1: Create a Kubernetes Namespace
Task 2: Set Up the Pipeline
Task 3: Set up Parameters for the Pod
Task 4: Configure the Build Namespace Task
Task 5: Configure the Build Namespace Local YAML File
Task 6: Build the Build Replica Set Stage
Task 7: Build the Build Replica Set Task
Task 8: Build the Build Services Stage
Task 9: Configure the Expose 80 Task
Task 10: Create the Update Load Balancer Task
Task 11: Verify Your Pipeline
Task 12: Deploy the Container
Task 13: Verify Your Container Creation with One Pod
Task 14: Deploy the Container with Two Pods
Task 15: Verify Your Container Creation With Two Pods
Lab 24 Calling Cloud Assembly and vRealize Orchestrator from vRealize Automation Code Stream
Task 1: (Optional) Prepare Your PowerShell Host
Task 2: (Optional) Connect Your PowerShell Endpoint in vRealize Orchestrator
Task 3: Import a vRealize Orchestrator Package
Task 4: Tag Your vRealize Orchestrator Workflow
Task 5: (Optional) Upload a YAML Blueprint That Deploys an Ubuntu Server with a Static IP Address
Task 6: Release Your Blueprint
Task 7: Add a vRealize Orchestrator Endpoint to vRealize Automation Code Stream
Task 8: Set Up the Pipeline
Task 9: Configure Inputs for the Pipeline
Task 10: Configure the Deploy VM Task
Task 11: Configure the Add IP TO DNS Task
Task 12: Run the Pipeline
Task 13: Rerun the Pipeline
Lab 25 Configuring the GitLab Repository
Task 1: Configure GitLab
Task 2: Configure the GitLab Repository
Lab 26 Integrating GitLab with vRealize Automation
Task 1: Create GitLab Integration
Task 2: Modify the Blueprints in GitLab
Lab 27 Configuring and Using Ansible
Task 1: Configure Ansible
Task 2: Create a Playbook
Task 3: Install Software with Ansible
Task 4: Verify That Apache Is Installed Successfully
Task 5: Delete the Virtual Machine to Save the Lab Resources
Lab 28 Deploying Apache Using Ansible and vRealize Automation
Task 1: Connect to the Ansible Server
Task 2: Create an Ansible Blueprint
Task 3: Test the Ansible Configuration by Deploying the Blueprint
Task 4: Delete the Deployment to Save the Lab Resources
Lab 29 Deploying an Ansible Role
Task 1: Install and View the Ansible Role
Task 2: Create an Ansible Blueprint
Task 3: Test the Ansible Role by Deploying the Blueprint
Task 4: Delete the Deployment to Save the Lab Resources
Lab 30 Troubleshooting Ansible and vRealize Automation
Task 1: Import a Broken Ansible Blueprint and Correct Problems
Task 2: Deploy Your Ansible Blueprint and Correct Problems
Task 3: Redeploy Your Ansible Blueprint and Correct Problems
Task 4: Test Your Final Corrected Ansible Blueprint
Lab 31 Deploying vRealize Suite Lifecycle Manager
Task 1: Deploy vRealize Suite Lifecycle Manager
Lab 32 Configuring the NSX-T Data Center Load Balancer
Task 1: Create Load Balancers
Task 2: Configure Application Profiles
Task 3: Configure the Persistence Profile
Task 4: Configure Health Monitors
Task 5: Configure Server Pools
Task 6: Configure Virtual Servers
Lab 33 Configuring SSL Certificates Using Microsoft CA
Task 1: Generate Certificate Signing Requests
Task 2: Separate the Private Key from the Certificate Signing Request
Task 3: Sign the SSL Certificates Using Microsoft CA
Task 4: Prepare the PEM Encoded Certificates
Task 5: Import the Certificates to vRealize Suite Lifecycle Manager
Lab 34 Deploying the VMware Identity Manager Cluster
Task 1: Reduce The Resource Load On the Management Cluster
Task 2: Deploy the VMware Identity Manager Cluster
Task 3: Validate the Deployment
Lab 35 Deploying the vRealize Automation Cluster
Task 1: Deploy the vRealize Automation Cluster
Lab 36 Configuring Connector High Availability
Task 1: Join Appliances to Domain
Task 2: Create a Directory
Task 3: Enable Connector High Availability
Lab 37 Failing Over the VMware Identity Manager Node
Task 1: Review the VMware Identity Manager Cluster Health
Task 2: Shut Down the Primary Node and Monitor the Cluster
Task 3: Power On the Node and Monitor the Cluster
Lab 38 Reviewing the vRealize Automation Cluster
Task 1: View the Cluster Status
Task 2: View the Kubernetes Core Services
Task 3: View the vRealize Automation Services and Pods
Lab 39 Failing Over the vRealize Automation Node
Task 1: Shut Down the Primary Node and Monitor the Cluster
Lab 40 Troubleshooting Scenario: Correct a Blueprint from a YAML File
Task 1: Import a Blueprint
Task 2: Overview of Troubleshooting Techniques
Task 3: Resolution
Answer Key
xii
Lab 1 Creating and Deploying a MySQL Server
Task 1: Upload and Review a MySQL Server Blueprint
You upload a blueprint that creates a MySQL server. This server is the back-end database for the
two-tier application. You examine the YAML code to ensure that you understand how it works.
1. If you do not have a browser tab open and are logged in to the vSphere Client, open a tab
and log in.
a. Start Chrome.
If Chrome is already running, but a tab logged in to the vSphere Client is not open, open
a new tab.
c. Log in with the administrator@vsphere.local user account and the VMware1! password.
2. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.
IMPORTANT
a. Open Chrome.
If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
4. Upload a blueprint.
Option Action
6. Verify your single machine and single network exists in the design canvas.
7. View the network configuration.
Setting Action
The constraint net:production tag is applied. Only a network profile with the
net:production tag can be used.
8. View the Cloud.Machine configuration.
mysql:
  type: Cloud.Machine
  properties:
    image: VMW-Ubuntu-Cloud
    flavor: VMW-Large
    networks:
      - network: '${resource.Cloud_Network_1.id}'
In the YAML code for the Cloud.Machine resource:
• The name of the machine has changed to mysql. This name is also assigned to the
resource in the Design Canvas.
• The predefined flavor is the VMW-Large flavor, which is defined in Infrastructure >
Flavor Mappings. It specifies 2 vCPUs and 2 GB of memory.
9. View the inputs for the hostname1, hostname2, user, and pass variables.
inputs:
  hostname1:
    type: string
    title: mysql hostname
    default: mysql
    description: Name of the mysql server. This name will be used to set the internal hostname and is part of the FQDN for DNS.
  hostname2:
    type: string
    title: frontend hostname
    default: frontend
    description: Name of the front end server. This name will be used to set the internal hostname and is part of the FQDN for DNS.
  user:
    type: string
    title: User name for the mySQL administrator account
    default: superadmin
    description: This user name will have administrator privileges in the MySQL database and can be used to log into the front end server.
  pass:
    type: string
    title: Password for the mySQL administrator account.
    encrypted: true
    default: VMware1!
    description: Password for the MySQL administrator account.
The hostname1 input is the internal host name of the MySQL server. The default is mysql.
The hostname2 input is used for the front-end server as this blueprint gets more complex.
The user input is the user name that is created in this server. The user is also the MySQL
administrator. By default, the user name is superadmin.
The pass input is the password for the user that is created. The same password works
for the MySQL user account. The value is encrypted, and its default is
VMware1!.
• - mysql-server-5.7
• - mysql-client
• - unzip
• - git
NOTE
The cloudConfig section in the blueprint mandates that the cloud-init software is installed in
the Ubuntu-Cloud-Template on the vCenter Server System.
formatVersion: 1
inputs:
  hostname1:
    type: string
    title: mysql hostname
    default: mysql
    description: Name of the mysql server. This name will be used to set the internal hostname and is part of the FQDN for DNS.
  hostname2:
    type: string
    title: frontend hostname
    default: frontend
    description: Name of the front end server. This name will be used to set the internal hostname and is part of the FQDN for DNS.
  user:
    type: string
    title: User name for the mySQL administrator account
    default: superadmin
    description: This user name will have administrator privileges in the MySQL database and can be used to log into the front end server.
  pass:
    type: string
    title: Password for the mySQL administrator account.
    encrypted: true
    default: VMware1!
    description: Password for the MySQL administrator account.
resources:
  mysql:
    type: Cloud.Machine
    properties:
      image: VMW-Ubuntu-Cloud
      flavor: VMW-Large
      networks:
        - network: '${resource.Cloud_Network_1.id}'
      cloudConfig: |
        packages:
          - mysql-server-5.7
          - mysql-client
          - unzip
          - git
  Cloud_Network_1:
    type: Cloud.Network
    properties:
      networkType: existing
      name: VMW-Production
      constraints:
        - tag: 'net:production'
11. Test your blueprint (click TEST) with all the default values.
Task 2: Deploy and Delete the MySQL Server
You deploy the MySQL server and then delete your deployment to save lab resources.
Option Action
4. After your deployment is complete, use the vSphere Client to open a remote console on
your deployed MySQL server.
5. Log in to your deployed virtual machine with the root user account and VMware1! as the
password.
6. Enter the mysql command to verify that the MySQL database is installed.
If you have successfully installed a default MySQL server, the MySQL monitor must start. If
your MySQL monitor does not start, verify your YAML code for errors and redeploy.
Lab 2 Using YAML to Create a Configuration File
In this lab, you use YAML to create a configuration file. You must not set a static IP in YAML from
a hard-coded configuration file. This lab illustrates advanced YAML coding techniques. You do
not set a static IP address in this lab. To set a static IP address in a YAML blueprint with
cloudConfig, use a STATIC directive and prepare your Ubuntu template. For information about
deploying a Linux machine with a static IP address, see Using and Managing vRealize Automation Cloud Assembly at
https://docs.vmware.com/en/vRealize-Automation/8.0/Using-and-Managing-Cloud-Assembly/GUID-B9291A02-985E-4BD3-A11E-BDC839049072.html.
Task 1: Upload a YAML Blueprint That Creates a Netplan Configuration File
Upload and examine a YAML blueprint that creates a configuration file to set the static IP address
in the Ubuntu system.
1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.
IMPORTANT
Verify that you log in to the vRA-Standard system, not the vRA-Clustered system.
a. Open Chrome.
If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.
e. Log in with the ENG-CA-Admin user account and VMware1! as the password.
3. Upload a blueprint.
Option Action
4. Open the Ubuntu_Static_IP blueprint to examine it.
Setting Action
Setting Action
[0-9]' is the last part of the pattern. It is the third field in the fourth octet of the IP
address. The entry must be any number between 0 and 9.
- mkdir -p /root/myconfig
b. Set the host name to the value that is provided as input.
- cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.sav
d. Change the file permission on the Netplan file for the cloudConfig script to overwrite.
- touch /root/myconfig/50-cloud-init.yaml
9. Use the blueprint and create a /root/myconfig/50-cloud-init.yaml text file
that appears similar to the following code.
network:
  version: 2
  ethernets:
    ens160:
      dhcp4: false
      addresses: [172.20.11.185/24]
      gateway4: 172.20.11.10
      nameservers:
        addresses: [172.20.11.10]
The example code uses standard YAML formatting. The version and ethernets
directives are indented by two spaces and align with the t in network:. The ens160 directive
aligns with the h in ethernets. The dhcp4, addresses, gateway4, and nameservers
directives align with the s in ens160. The a in the final addresses directive aligns with the m in
nameservers. The 172.20.11.185/24 address is used as an example. Your YAML code
must use the ${input.ipaddress} variable so that the IP address that is
generated always matches the user's request.
The address that you pass must be xxx.xxx.xx.xxx/24. Your YAML code must append the
/24 to the IP address. For example, you can use the code
- echo "addresses:"" [${input.ipaddress}/24]" >> /root/myconfig/50-cloud-init.yaml
to append /24 to the IP address that the user enters.
10. Create the static file.
- chmod 777 /etc/netplan/50-cloud-init.yaml
- touch /root/myconfig/50-cloud-init.yaml
- echo "network:"" " >> /root/myconfig/50-cloud-init.yaml
- echo "  version:"" 2" >> /root/myconfig/50-cloud-init.yaml
- echo "  ethernets:"" " >> /root/myconfig/50-cloud-init.yaml
- echo "    ens160:"" " >> /root/myconfig/50-cloud-init.yaml
- echo "      dhcp4:"" false " >> /root/myconfig/50-cloud-init.yaml
- echo "      addresses:"" [${input.ipaddress}/24]" >> /root/myconfig/50-cloud-init.yaml
- echo "      gateway4:"" 172.20.11.10" >> /root/myconfig/50-cloud-init.yaml
- echo "      nameservers:"" " >> /root/myconfig/50-cloud-init.yaml
- echo "        addresses:"" [172.20.11.10]" >> /root/myconfig/50-cloud-init.yaml
The screenshot highlights the YAML code that sets the IP address using the input variable.
11. Copy the temporary file, set permissions, and apply the file in YAML.
- netplan apply
12. View the final part of the YAML code that configures the network file.
- cp /root/myconfig/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml
- chmod 644 /etc/netplan/50-cloud-init.yaml
- netplan apply
13. View and understand the YAML blueprint for the cloud machine.
Setting Action
Task 2: Deploy and Delete the Blueprint Deployment
You deploy the blueprint to test the blueprint and then delete your deployment to save the lab
resources.
Option Action
Inputs Enter static86 for the host name and 172.20.11.186 for the IP
address.
4. After your deployment is complete, use the vSphere Client to open a remote console on
your deployed front-end server.
5. Log in to your deployed virtual machine with the root user account and VMware1! as the
password.
7. Use the nano editor on the deployed virtual machine to examine the
/root/myconfig/50-cloud-init.yaml configuration file that you created.
8. Enter the hostname command to verify that your host name is static86.
Lab 3 Troubleshooting an Advanced Blueprint
Task 1: Import a Broken YAML Blueprint and Correct Problems
You import a blueprint that has problems in the YAML code and fix the problems.
1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.
IMPORTANT
a. Open Chrome.
If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
Option Action
4. Open the Multi-Disk blueprint and correct any obvious syntax errors.
This blueprint has five errors in it. Some errors are obvious.
A red error icon appears to the left of the blueprint, indicating syntax errors.
c. Verify that variables that are created are properly used and referenced.
d. Check the output file that is created on the deployed system for any quotation-related
string problems.
These problems include missing beginning quotations, missing end quotations, quotations
inside quotations, and so on.
e. Verify that the correct escape characters are used for special characters.
f. Storage tags do not match the available storage profiles capability tags. Storage tags in
the blueprint are currently set to use either Silver or Gold depending on the number of
disks. - tag: '${input.NumDisks != 1 ? "Silver" : "Gold"}'.
Correct this code to match the correct capability tags for silver and gold storage in your
system.
5. Test your blueprint with all the default values after you have corrected the obvious syntax
errors.
Option Action
7. Click CLOSE.
Task 2: Deploy, Test, and Delete the Deployment
You deploy the blueprint to test and then delete your deployment to save lab resources. You
deploy the MySQL server and then delete your deployment to save lab resources.
Option Action
Inputs Enter ubuntu1 for the host name, enter 172.20.11.182 for the IP
address, enter 3 for the number of data disks.
4. After your deployment is complete, use the vSphere Client to open a remote console on
your deployed Ubuntu server.
5. Log in to your deployed virtual machine with the root user account and VMware1! as the
password.
a. Verify that all the output files in the deployed system that the YAML code creates are
correct.
8. Enter the df -h command to verify that you have three data disks (/dev/sdb,
/dev/sdc, and /dev/sdd) that are formatted.
9. If the deployment succeeds, close your remote console and continue the rest of the lab.
Lab 4 Adding Users and cloudConfig Commands
1. Upload a YAML Blueprint That Builds a MySQL Server with Users and a Static IP Address
3. Examine the Blueprint of the MySQL Server with Users and Static IP
9. Examine the Complete YAML for the MySQL Back-End Virtual Machine
Task 1: Upload a YAML Blueprint That Builds a MySQL Server with Users and a Static IP Address
Upload a YAML blueprint that builds a MySQL server with users and a static IP address.
1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.
IMPORTANT
Verify that you log in to the vRA-Standard system, not the vRA-Clustered system.
a. Open Chrome.
If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.
e. Log in with the ENG-CA-Admin user account and VMware1! as the password.
3. Upload a blueprint.
Option Action
Description Enter MySQL server for your back end server in the
text box.
Task 2: Deploy Your Blueprint
You deploy the blueprint so that it is running when you are ready to test it.
3. Deploy the MySQL Server with Users and Static IP blueprint to test it.
Option Action
Task 3: Examine the Blueprint of the MySQL Server with Users and Static IP
You examine the YAML code for a back-end MySQL server.
2. Open the MySQL Server with Users and Static IP blueprint to view it.
3. Verify that a single cloud-agnostic machine named mysql exists on the design canvas.
4. Verify that the mysql cloud machine is connected to a cloud network with the
net:production tag.
Task 4: Examine Your Static IP Input Variables for the MySQL Server
You examine the YAML code to get input variables for the IP address.
2. Open the MySQL Server with Users and Static IP blueprint to examine the YAML code.
3. Begin by examining the inputs to configure a static IP address for the MySQL server.
inputs:
  ipaddress1:
    type: string
    title: Enter your IP address for the mysql server range 172.20.11.180-199
    pattern: '172.20.11.[1][8-9][0-9]'
    description: This will be the IP address for the mysql server
    default: 172.20.11.185
NOTE
Your blueprint also contains inputs for both hostnames, the user name and the password, but
we will skip those for now.
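The pattern on the ipaddress1 input is the only check on a value that the blueprint later interpolates into runcmd shell commands, so it is worth testing what the pattern accepts. The following is an added example, not part of the lab's blueprint: it compares the lab's pattern with a stricter check for the 172.20.11.180-199 range stated in the input title. How vRealize Automation anchors the pattern is an assumption here (both substring and whole-value matching are shown), and the function names and sample values are constructed for this illustration.

```python
"""Compare the lab's input pattern with a strict check for 172.20.11.180-199."""
import ipaddress
import re

# Pattern copied from the blueprint's ipaddress1 input.
LAB_PATTERN = r"172.20.11.[1][8-9][0-9]"

# Stricter form (an assumption of this example, not taken from the lab):
# the dots are escaped so they match only a literal '.'.
STRICT_PATTERN = r"172\.20\.11\.1[89][0-9]"

# Range stated in the input's title.
RANGE_FIRST = ipaddress.IPv4Address("172.20.11.180")
RANGE_LAST = ipaddress.IPv4Address("172.20.11.199")


def lab_pattern_unanchored(value: str) -> bool:
    """Lab pattern applied as a substring search (JSON Schema style)."""
    return re.search(LAB_PATTERN, value) is not None


def lab_pattern_fullmatch(value: str) -> bool:
    """Lab pattern applied to the whole value."""
    return re.fullmatch(LAB_PATTERN, value) is not None


def strict_check(value: str) -> bool:
    """Escaped pattern on the whole value, then a semantic range check."""
    # fullmatch is used instead of a trailing '$', which would also
    # accept a value that ends in a newline.
    if re.fullmatch(STRICT_PATTERN, value) is None:
        return False
    try:
        addr = ipaddress.IPv4Address(value)
    except ipaddress.AddressValueError:
        return False
    return RANGE_FIRST <= addr <= RANGE_LAST


def netplan_address(value: str, prefix: int = 24) -> str:
    """Return the 'addresses' entry the runcmd section writes, or raise."""
    if not strict_check(value):
        raise ValueError(f"rejected ipaddress input: {value!r}")
    return f"[{value}/{prefix}]"


# Constructed sample inputs, each labelled with what it exercises.
SAMPLES = [
    "172.20.11.185",             # the lab default
    "172.20.11.199",             # top of the stated range
    "172.20.11.179",             # just below the range
    "172x20x11x185",             # '.' in the lab pattern matches any character
    "172.20.11.1850",            # extra trailing digit
    "172.20.11.185 extra text",  # trailing text after a valid address
]


def compare(samples=SAMPLES):
    """Return (value, unanchored, fullmatch, strict) for each sample."""
    return [
        (s, lab_pattern_unanchored(s), lab_pattern_fullmatch(s), strict_check(s))
        for s in samples
    ]


if __name__ == "__main__":
    print(f"{'value':28} search  full   strict")
    for value, a, b, c in compare():
        print(f"{value!r:28} {a!s:7} {b!s:6} {c!s}")
```

Only the first two samples pass the strict check; the lab pattern accepts the last three as well when it is applied as a substring search, and still accepts 172x20x11x185 when it is applied to the whole value.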
Task 5: Examine the Software Packages
You examine the YAML code that installs the software.
These directives are the same as the ones used in the earlier MySQL server blueprint.
packages:
  - mysql-server-5.7
  - mysql-client
  - unzip
  - git
You install MySQL (mysql-server-5.7) on the back-end database server.
1. Examine the cloudConfig users: directives to create the MySQL administrator user.
users:
  - name: ${input.user}
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash
Task 7: Examine Your Network Configuration for the MySQL Server
You examine the YAML code to configure the network.
1. Examine the cloudConfig commands under runcmd: that configure the netplan file for
the front end.
- mkdir -p /root/myconfig
- hostnamectl set-hostname ${input.hostname1}
- cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.sav
- chmod 777 /etc/netplan/50-cloud-init.yaml
- touch /root/myconfig/50-cloud-init.yaml
2. Examine the cloudConfig commands under runcmd that configure the IP address in the
netplan file.
- echo "VRA - Setting static IP" >> /root/log.txt
- echo "VRA - Setting static IP"
- mkdir -p /root/myconfig
- cp /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.sav
- chmod 777 /etc/netplan/50-cloud-init.yaml
- touch /root/myconfig/50-cloud-init.yaml
- echo "network:"" " >> /root/myconfig/50-cloud-init.yaml
- echo "  version:"" 2" >> /root/myconfig/50-cloud-init.yaml
- echo "  ethernets:"" " >> /root/myconfig/50-cloud-init.yaml
- echo "    ens160:"" " >> /root/myconfig/50-cloud-init.yaml
- echo "      dhcp4:"" false " >> /root/myconfig/50-cloud-init.yaml
- echo "      addresses:"" [${input.ipaddress1}/24]" >> /root/myconfig/50-cloud-init.yaml
- echo "      gateway4:"" 172.20.11.10" >> /root/myconfig/50-cloud-init.yaml
- echo "      nameservers:"" " >> /root/myconfig/50-cloud-init.yaml
- echo "        addresses:"" [172.20.11.10]" >> /root/myconfig/50-cloud-init.yaml
- cp /root/myconfig/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml
- chmod 644 /etc/netplan/50-cloud-init.yaml
- netplan apply
3. Examine the cloudConfig runcmd directives to set the host name in the DNS server and
update the log file.
Task 8: Verify the MySQL User and Database Configuration
You verify the MySQL user and database configuration.
1. Examine cloudConfig runcmd: directives to set the password for the MySQL administrator
user and to enable your user to use SSH to log in.
- USER=${input.user}
- PASS=${input.pass}
- echo $USER:$PASS | /usr/sbin/chpasswd
- sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
- service ssh reload
- echo 'VRA ssh reload complete' >> /root/log.txt
- echo 'VRA ssh reload complete'
2. Examine cloudConfig runcmd directives to add the user and password to the MySQL
database.
3. Examine the MySQL IP configuration before the mysql restart.
The restart is also needed before the final DB rights are assigned to the MySQL user.
4. Examine the cloudConfig runcmd directives to grant privileges in MySQL to your user and
to create the myvRAdb database.
Task 9: Examine the Complete YAML for the MySQL Back-End Virtual Machine
You examine the complete YAML code for the MySQL back-end virtual machine.
1. Examine a copy of the complete YAML code for the MySQL back-end machine.
formatVersion: 1
inputs:
  ipaddress1:
    type: string
    title: Enter your IP address for the mysql server range 172.20.11.180-199
    pattern: '172.20.11.[1][8-9][0-9]'
    description: This will be the IP address for the mysql server
    default: 172.20.11.185
  hostname1:
    type: string
    title: mysql hostname
    default: mysql
    description: Name of the mysql server. This name will be used to set the internal hostname and is part of the FQDN for DNS.
  hostname2:
    type: string
    title: frontend hostname
    default: frontend
    description: Name of the front end server. This name will be used to set the internal hostname and is part of the FQDN for DNS.
  user:
    type: string
    title: User name for the system administrator account
    default: superadmin
    description: This user name will have administrator privileges in the MySQL database and can be used to log into the front end server.
  pass:
    type: string
    title: Password for the superadmin account.
    encrypted: true
    default: VMware1!
    description: Password for the superadmin account.
resources:
  mysql:
    type: Cloud.Machine
    properties:
      image: VMW-Ubuntu-Cloud
      flavor: VMW-Large
      networks:
        - network: '${resource.Cloud_Network_1.id}'
      cloudConfig: |
        packages:
          - mysql-server-5.7
          - mysql-client
          - unzip
          - git
        users:
          - name: ${input.user}
            sudo: ['ALL=(ALL) NOPASSWD:ALL']
            groups: sudo
            shell: /bin/bash
        runcmd:
          - touch /root/log.txt
          - echo 'VRA - Starting runcmd' >> /root/log.txt
          - echo 'VRA - Starting runcmd'
          - echo "      gateway4:"" 172.20.11.10" >> /root/myconfig/50-cloud-init.yaml
          - echo "      nameservers:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "        addresses:"" [172.20.11.10]" >> /root/myconfig/50-cloud-init.yaml
          - cp /root/myconfig/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml
          - chmod 644 /etc/netplan/50-cloud-init.yaml
          - netplan apply
          - USER=${input.user}
          - PASS=${input.pass}
          - echo $USER:$PASS | /usr/sbin/chpasswd
          - sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          - service ssh reload
          - echo 'VRA ssh reload complete' >> /root/log.txt
          - echo 'VRA ssh reload complete'
          - echo "mysql-server-5.7 mysql-server/root_password password root" | sudo debconf-set-selections
          - echo "mysql-server-5.7 mysql-server/root_password_again password root" | sudo debconf-set-selections
          - echo "[client]" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "user=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "password=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "user=$USER" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "password=$PASS" >> /etc/mysql/mysql.conf.d/mysqld.cnf
/etc/mysql/mysql.conf.d/mysqld.cnf
          - systemctl restart mysql
          - echo 'mySQL restart complete' >> /root/log.txt
          - echo 'VRA - mysql restart complete'
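The cloudConfig in this lab makes several choices that are convenient in a classroom but worth catching in review before a blueprint is reused elsewhere: chmod 777 on the netplan file, SSH password authentication switched on, passwordless sudo, fixed database passwords, and a default value on an encrypted input. The following added example (not part of the lab's blueprint) scans blueprint text for those patterns. The rule names, the audit_cloudconfig function and the sample text, which is abridged from this lab's YAML, are this example's own.

```python
"""Flag risky settings in blueprint cloudConfig text (added example)."""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    rule: str
    advice: str


# Rule ids and advice strings are this example's own, not product output.
RULES = [
    ("world-writable-mode",
     # chmod with an octal mode whose last digit sets the "other" write bit
     re.compile(r"\bchmod\s+(?:-\S+\s+)*0?[0-7]{2}[2367]\b"),
     "runcmd already runs as root; keep the file at 0644 or tighter"),
    ("ssh-password-auth",
     re.compile(r"PasswordAuthentication\s+yes"),
     "enables SSH password logins; prefer key-based authentication"),
    ("passwordless-sudo",
     re.compile(r"NOPASSWD:\s*ALL"),
     "grants unrestricted sudo without a password"),
    ("hardcoded-db-root-password",
     re.compile(r"root_password(?:_again)?\s+password\s+\S+"),
     "database root password is fixed in the blueprint text"),
    ("password-written-to-file",
     re.compile(r"\becho\b.*\bpassword\s*=.*>>"),
     "password is appended to a config file; check its mode and owner"),
]

DEFAULT_ON_SECRET = "encrypted input carries a default stored in the blueprint"


def audit_cloudconfig(text: str) -> List[Finding]:
    """Return findings in line order for blueprint YAML given as text."""
    findings: List[Finding] = []
    encrypted_indent = None  # indent of the most recent 'encrypted: true'
    for no, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped:
            continue
        indent = len(raw) - len(raw.lstrip())
        # A 'default:' sibling that follows 'encrypted: true' in one input.
        # (A default listed before 'encrypted: true' is not detected.)
        if encrypted_indent is not None:
            if indent < encrypted_indent:
                encrypted_indent = None
            elif (indent == encrypted_indent
                  and stripped.startswith("default:")
                  and stripped != "default:"):
                findings.append(
                    Finding(no, "default-on-encrypted-input", DEFAULT_ON_SECRET))
        if re.fullmatch(r"encrypted:\s*true", stripped):
            encrypted_indent = indent
        for rule, rx, advice in RULES:
            if rx.search(stripped):
                findings.append(Finding(no, rule, advice))
    return findings


# Sample abridged from this lab's blueprint (constructed for the example).
SAMPLE = '''\
inputs:
  pass:
    type: string
    encrypted: true
    default: VMware1!
resources:
  mysql:
    type: Cloud.Machine
    properties:
      cloudConfig: |
        users:
          - name: ${input.user}
            sudo: ['ALL=(ALL) NOPASSWD:ALL']
        runcmd:
          - chmod 777 /etc/netplan/50-cloud-init.yaml
          - chmod 644 /etc/netplan/50-cloud-init.yaml
          - sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          - echo "mysql-server-5.7 mysql-server/root_password password root" | sudo debconf-set-selections
          - echo "password=$PASS" >> /etc/mysql/mysql.conf.d/mysqld.cnf
'''

if __name__ == "__main__":
    for f in audit_cloudconfig(SAMPLE):
        print(f"line {f.line_no}: {f.rule}: {f.advice}")
```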
Task 10: Test and Delete the MySQL Server
You test the deployment and then delete your deployment to save lab resources.
Wait at least 5 minutes after the deployment is complete before you log in so that
the cloudConfig commands can run.
2. Record the names of the vSphere virtual machine that was deployed.
4. Click the virtual machine that is your mysql server to open its properties.
The DNS name must be mysql.vclass.local and have a static IP address of 172.20.11.185.
7. Enter the mysql -u superadmin -p command to verify that the MySQL database is
installed and that your superadmin account is accessible.
If you have successfully installed a default MySQL server, the MySQL monitor must start.
You are prompted for your password. If your MySQL monitor does not start, verify your
YAML code for errors and redeploy.
8. Enter the use myvRAdb command to verify that the myvRAdb database exists.
Lab 5 Creating and Deploying a Front-End Server
9. Examine the Complete YAML for the Front-End Virtual Machine
Task 1: Upload a YAML Blueprint That Builds a Front-End Server
You upload a YAML blueprint that builds a front-end server to the MySQL blueprint.
1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.
IMPORTANT
Verify that you log in to the vRA-Standard system, not the vRA-Clustered system.
a. Open Chrome.
If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.
e. Log in with the ENG-CA-Admin user account and VMware1! as the password.
3. Upload a blueprint.
Option Action
Description Enter Front end server plus MySql server in the text
box.
Task 2: Deploy Your Blueprint
You deploy the blueprint so that it is running when you are ready to test it.
Option Action
Task 3: Examine the Blueprint with the Front-End Server Added
You examine the YAML code to add a front-end server to MySQL. The server is the front-end
appliance to manage the database for the two-tier application. You have an Ubuntu server with a
static IP address on the same network as the MySQL server.
IMPORTANT
3. Verify that a second cloud-agnostic machine on the design canvas to the left of your MySQL
cloud-agnostic machine exists.
4. Verify that the front-end cloud machine is connected to the same cloud network as the
mysql cloud machine.
5. Verify that the front-end cloud machine depends on the MySQL machine.
vRealize Automation deploys and configures the mysql virtual machine before it configures
the frontend virtual machine.
Task 4: Verify Your Static IP Input Variables for the Front-End Server
You verify the YAML code to get input variables for the IP address.
3. Verify the inputs to configure a static IP address for the front-end server.
The commands you use are similar to the MySQL server configuration in the previous labs.
You only change the front-end input variable to ipaddress2.
Setting Value
Task 5: Examine the Software Packages
You examine the YAML code that installs the software and the MySQL users.
You install MySQL (mysql-server-5.7) on the back-end database server and on the front-end
server because the phpMyAdmin front-end tool requires its own database.
Task 6: Examine the MySQL User Configuration
1. Examine the cloudConfig users: directives to create the MySQL administrator user.
users:
  - name: ${input.user}
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash
You use the same superadmin user account in the front-end server that you use in the
MySQL server.
Task 7: Examine Your Network Configuration for the Front-End Server
You examine the YAML code to configure the network.
1. Examine the cloudConfig commands under runcmd: that configure the netplan file for
the front end.
2. Examine the cloudConfig commands under runcmd that configure the IP address in the
netplan file.
The commands used here are similar to the MySQL configuration in the previous labs. The
only change is that the front-end input variable is ipaddress2.
3. Examine the cloudConfig runcmd directives to set the host name in the DNS server and
update the log file.
Task 8: Examine the MySQL User Configuration
You examine the user configuration for the MySQL server.
1. Examine the cloudConfig runcmd: directives to set the password for the MySQL
administrator user and to enable your user to use SSH to log in.
The YAML code is the same code that is used in the back-end MySQL database server.
2. Examine the cloudConfig runcmd directives to add the user and password to the MySQL
database.
The YAML code is the same code that is used in the back-end MySQL database server.
3. Examine the MySQL IP configuration before the mysql restart.
The restart is also needed before the final DB rights are assigned to the MySQL user.
4. Examine the cloudConfig runcmd directives to grant privileges in MySQL to your user.
Task 9: Examine the Complete YAML for the Front-End Virtual Machine
You examine the complete YAML for the front-end virtual machine.
1. View a copy of the complete YAML code for the front-end machine.
This code does not include the YAML blueprint Inputs or the code for the mysql server.
resources:
  frontend:
    type: Cloud.Machine
    dependsOn:
      - mysql
    properties:
      image: VMW-Ubuntu-Cloud
      flavor: VMW-Large
      networks:
        - network: '${resource.Cloud_Network_1.id}'
      cloudConfig: |
        package_update: true
        package_upgrade: true
        packages:
          - mysql-server-5.7
          - mysql-client
          - unzip
          - git
        users:
          - name: ${input.user}
            sudo: ['ALL=(ALL) NOPASSWD:ALL']
            groups: sudo
            shell: /bin/bash
        runcmd:
init.yaml
          - echo "  ethernets:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "    ens160:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "      dhcp4:"" false " >> /root/myconfig/50-cloud-init.yaml
          - echo "      addresses:"" [${input.ipaddress2}/24]" >> /root/myconfig/50-cloud-init.yaml
          - echo "      gateway4:"" 172.20.11.10" >> /root/myconfig/50-cloud-init.yaml
          - echo "      nameservers:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo "        addresses:"" [172.20.11.10]" >> /root/myconfig/50-cloud-init.yaml
          - cp /root/myconfig/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml
          - chmod 644 /etc/netplan/50-cloud-init.yaml
          - netplan apply
          - echo "password=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "user=$USER" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "password=$PASS" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
Task 10: Test and Delete the Two Servers
You test the deployment and then delete your deployment to save lab resources.
Wait at least 5 minutes after the deployment is complete before you log in so that
the cloudConfig commands can run. You must open a console on the front-end server
and not on the MySQL server.
2. Record the names of the two vSphere virtual machines that were deployed.
4. Click the virtual machine that is your front-end server to open its properties.
This system is the second server deployed, because this front-end server depends on the
mysql server.
The DNS name must be frontend.vclass.local and it must have a static IP address of
172.20.11.186.
6. Log in to your deployed virtual machine (the front-end server) with the superadmin user
account and the VMware1! password.
7. Enter the mysql -u superadmin -p command to verify that the MySQL database is
installed and that your superadmin account is accessible.
If you have successfully installed a default MySQL server, the MySQL monitor must start.
You are prompted for your password. If your MySQL monitor does not start, verify your
YAML code for errors and redeploy.
8. Enter the use myvRAdb command to verify that the myvRAdb database is not created.
9. Close your remote console.
Lab 6 Installing phpMyAdmin
1. Upload a YAML Blueprint That Deploys a Front-End Server With phpMyAdmin Installed
Task 1: Upload a YAML Blueprint That Deploys a Front-End Server With phpMyAdmin Installed
You upload a YAML blueprint that builds a front-end server to the MySQL blueprint.
1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.
IMPORTANT
Verify that you log in to the vRA-Standard system, not the vRA-Clustered system.
a. Open Chrome.
If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.
e. Log in with the ENG-CA-Admin user account and VMware1! as the password.
3. Upload a blueprint.
Option Action
Task 2: Deploy Your Blueprint
You deploy the blueprint so that it is running when you are ready to test it.
Option Action
Task 3: Examine the Installation Code for the phpMyAdmin Server
You examine the YAML code to install the phpMyAdmin server. phpMyAdmin cannot be installed
as a regular package using the packages directive because the default install requires
interactive input.
IMPORTANT
You can begin by looking at the packages list. This list has changed from the simple MySQL
server.
packages:
  - apache2
  - php
  - php-mysql
  - libapache2-mod-php
  - php-gd
  - php-mbstring
  - php-xml
  - php-zip
  - php-curl
  - mysql-server-5.7
  - unzip
  - curl
4. Scroll further down and examine the new code beginning with - echo "VRA- Installing myphpadmin" >> /root/log.txt.
- echo "VRA- Installing myphpadmin" >> /root/log.txt
- echo "VRA- Installing myphpadmin"
- export DEBIAN_FRONTEND=noninteractive
- apt-get -yq install phpmyadmin
The export code exports a variable to indicate to the phpMyAdmin installation that it is in
noninteractive mode.
5. Scroll further down and examine the code that creates the myphpadmin.conf file.
The file is a configuration file that is copied over the configuration file that controls
phpMyAdmin. The text file that is created if you deploy the blueprint with the default inputs
appears similar to the output in the /root/my_phpmyadmin.conf file.
dbc_install='true'
dbc_upgrade='true'
dbc_remove='true'
dbc_dbtype='mysql'
dbc_dbuser=superadmin
dbc_dbpass=VMware1!
dbc_dballow='localhost'
dbc_dbserver='localhost'
dbc_dbport='3306'
dbc_dbname='phpmyadmin'
dbc_dbadmin='debian-sys-maint'
dbc_basepath=''
dbc_ssl=''
dbc_authmethod_admin=''
dbc_authmethod_user=''
- echo "dbc_dbadmin='debian-sys-maint'" >> /root/my_phpmyadmin.conf
- echo "dbc_basepath=''" >> /root/my_phpmyadmin.conf
- echo "dbc_ssl=''" >> /root/my_phpmyadmin.conf
- echo "dbc_authmethod_admin=''" >> /root/my_phpmyadmin.conf
- echo "dbc_authmethod_user=''" >> /root/my_phpmyadmin.conf
- echo "Finished creating phpmyadmin configuration file" >> /root/log.txt
- echo "Finished creating phpmyadmin configuration file"
- phpenmod mbstring
Here are the commands used to copy the configuration file, reconfigure php, and enable
mbstring:
- cp /etc/dbconfig-common/phpmyadmin.conf /etc/dbconfig-common/phpmyadmin.conf.sav
- cp /root/my_phpmyadmin.conf /etc/dbconfig-common/phpmyadmin.conf
- dpkg-reconfigure --frontend=noninteractive phpmyadmin
- phpenmod mbstring
10. Next the configuration of the Apache web server must be changed so that phpMyAdmin can
use it.
The following code adds a line to the end of the Apache configuration file and restarts
Apache.
11. View the complete YAML code for the front-end cloud machine in the blueprint.
resources:
  frontend:
    type: Cloud.Machine
    dependsOn:
      - mysql
    properties:
      image: VMW-Ubuntu-Cloud
      flavor: VMW-Large
      networks:
        - network: '${resource.Cloud_Network_1.id}'
      cloudConfig: |
        package_update: true
        package_upgrade: true
        packages:
          - apache2
          - php
          - php-mysql
          - libapache2-mod-php
          - php-gd
          - php-mbstring
          - php-xml
          - php-zip
          - php-curl
          - mysql-server-5.7
          - unzip
          - curl
        users:
          - name: ${input.user}
            sudo: ['ALL=(ALL) NOPASSWD:ALL']
            groups: sudo
            shell: /bin/bash
        runcmd:
init.yaml
          - echo " version:"" 2" >> /root/myconfig/50-cloud-init.yaml
          - echo " ethernets:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo " ens160:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo " dhcp4:"" false " >> /root/myconfig/50-cloud-init.yaml
          - echo " addresses:"" [${input.ipaddress2}/24]" >> /root/myconfig/50-cloud-init.yaml
          - echo " gateway4:"" 172.20.11.10" >> /root/myconfig/50-cloud-init.yaml
          - echo " nameservers:"" " >> /root/myconfig/50-cloud-init.yaml
          - echo " addresses:"" [172.20.11.10]" >> /root/myconfig/50-cloud-init.yaml
          - cp /root/myconfig/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml
          - chmod 644 /etc/netplan/50-cloud-init.yaml
          - netplan apply
          - echo "user=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "password=root" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "user=$USER" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "password=$PASS" >> /etc/mysql/mysql.conf.d/mysqld.cnf
          - echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
          - echo "dbc_dballow='localhost'" >> /root/my_phpmyadmin.conf
          - echo "dbc_dbserver='localhost'" >> /root/my_phpmyadmin.conf
          - echo "dbc_dbport='3306'" >> /root/my_phpmyadmin.conf
          - echo "dbc_dbname='phpmyadmin'" >> /root/my_phpmyadmin.conf
          - echo "dbc_dbadmin='debian-sys-maint'" >> /root/my_phpmyadmin.conf
          - echo "dbc_basepath=''" >> /root/my_phpmyadmin.conf
          - echo "dbc_ssl=''" >> /root/my_phpmyadmin.conf
          - echo "dbc_authmethod_admin=''" >> /root/my_phpmyadmin.conf
          - echo "dbc_authmethod_user=''" >> /root/my_phpmyadmin.conf
          - echo "Finished creating phpmyadmin configuration file" >> /root/log.txt
          - echo "Finished creating phpmyadmin configuration file"
          - service ssh reload
          - systemctl reload apache2
          - systemctl restart apache2
NOTE
The above YAML code does not include the inputs, the YAML code for the MySQL server
machine, or the YAML code for the network. You can scroll your blueprint to view the code.
Task 4: Test and Delete the Deployment
You test and then delete your deployment to save the lab resources.
1. Go to Deployments.
IMPORTANT
You have several cloud-config directives in your blueprint. Give your deployed systems time
to run these directives and to reboot.
3. After your deployment is complete, use the vSphere Client to open a remote console on
your deployed front-end server.
Ensure that you open a console on the front-end server and not on the MySQL server.
4. Log in to your deployed virtual machine (the front-end server) with the superadmin user
account and the VMware1! password.
5. Enter the mysql -u superadmin -p command to verify that the MySQL database is
installed and that the superadmin account is accessible.
If you have successfully installed a default MySQL server, the MySQL monitor must start.
You are prompted for your password. If your MySQL monitor does not start, verify your
YAML code for errors and redeploy.
6. Enter the use myvRAdb command to verify that the myvRAdb database was not created.
8. Return to the VMware Cloud Services browser tab.
10. Record the machine names and IP addresses that are assigned to your two deployed
machines. __________
11. Open a new tab on your browser and go to http://<front end IP>.
NOTE
The default page for the Apache2 web server must appear. If the page does not appear,
troubleshoot your blueprint.
12. Open a new tab on your browser and go to http://<front end IP>/phpmyadmin.
The default page for the phpMyAdmin front-end server must appear. If the page does not
appear, troubleshoot your blueprint.
13. Log in to phpMyAdmin with superadmin as the user name and VMware1! as the password.
If you cannot log in to phpMyAdmin with the superadmin user account, you must
troubleshoot your blueprint.
14. Close the phpMyAdmin browser tab and return to Cloud Assembly.
Lab 7 Configuring phpMyAdmin to
Connect to the MySQL Server
3. Examine the YAML Code That Connects the Front-End phpMyAdmin Server to the Back-
End MySQL Server
Task 1: Upload the YAML Blueprint
You upload the YAML blueprint that deploys the front-end server and the back-end server and
connects them.
1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.
IMPORTANT
Verify that you log in to the vRA-Standard system, not the vRA-Clustered system.
a. Open Chrome.
If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.
e. Log in with the ENG-CA-Admin user account and VMware1! as the password.
3. Upload a blueprint.
Task 2: Deploy Your Blueprint
You deploy the blueprint so that it is running when you are ready to test it.
Task 3: Examine the YAML Code That Connects the Front-End
phpMyAdmin Server to the Back-End MySQL Server
You examine the YAML code that connects your front-end phpMyAdmin server to the back-end
MySQL server.
IMPORTANT
3. The - echo command in the runcmd section of the YAML code is used to create a text
configuration file, /root/my_phpmyadmin-host.conf, in the front-end server.
The text file /root/my_phpmyadmin-host.conf that will be created when the Complete
Two-Tier System blueprint is deployed with the default inputs appears like this:
$i++;
$cfg['Servers'][$i]['host'] = '172.20.11.185';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysql';
$cfg['Servers'][$i]['compress'] = 'FALSE';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'superadmin';
$cfg['Servers'][$i]['password'] = 'VMware1!';
This text file is used to connect phpMyAdmin to a remote MySQL server. You can connect
several remote MySQL servers to phpMyAdmin. This vApp connects to only one remote
server. The /etc/phpmyadmin/config.inc.php file controls the remote MySQL
configuration of phpMyAdmin. The documentation for these parameters is available at
https://docs.phpmyadmin.net/en/latest/config.html.
Your configuration file must include the IP address that was assigned to the MySQL server.
The default MySQL server is mysql.vclass.local. You can override the default server and the
default IP by using your input variables when you deploy the blueprint.
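The entry above uses auth_type 'config', so the MySQL password sits in clear text in the configuration file. The following JavaScript check is an added example, not part of the lab materials: it parses server entries in this format and reports 'config' authentication, stored passwords, and remote hosts without the phpMyAdmin ssl setting. The function names and finding labels are assumptions made for the example, and the sample input is constructed from the listing above.

```javascript
// Added example: audit phpMyAdmin server entries of the form shown in the lab.
// SAMPLE_CONF is constructed from the listing on this page.
const SAMPLE_CONF = `
$i++;
$cfg['Servers'][$i]['host'] = '172.20.11.185';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysql';
$cfg['Servers'][$i]['compress'] = 'FALSE';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'superadmin';
$cfg['Servers'][$i]['password'] = 'VMware1!';
`;

// Matches: $cfg['Servers'][$i]['key'] = 'value';  (value may also be "quoted" or bare).
// Values containing escaped quotes are not handled by this simple pattern.
const SETTING =
  /^\$cfg\['Servers'\]\[\$i\]\['([A-Za-z_]+)'\]\s*=\s*(?:'([^']*)'|"([^"]*)"|([^;\s]+))\s*;/;

// Split the text into one key/value map per server; "$i++;" starts a new entry.
function parseServers(text) {
  const servers = [];
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (/^\$i\+\+\s*;/.test(line)) {
      current = {};
      servers.push(current);
      continue;
    }
    const m = SETTING.exec(line);
    if (!m) continue;
    if (!current) {
      current = {};
      servers.push(current);
    }
    current[m[1]] = m[2] !== undefined ? m[2] : m[3] !== undefined ? m[3] : m[4];
  }
  return servers;
}

// Return the list of findings for one parsed server entry.
function auditServer(server) {
  const findings = [];
  // phpMyAdmin defaults to cookie authentication when auth_type is not set.
  const authType = (server.auth_type || 'cookie').toLowerCase();
  if (authType === 'config') findings.push('auth-type-config');
  if (server.password) findings.push('stored-password');

  const host = (server.host || 'localhost').toLowerCase();
  const local = host === 'localhost' || host === '127.0.0.1' || host === '::1';
  const ssl = String(server.ssl || 'false').toLowerCase() === 'true';
  if (!local && !ssl) findings.push('remote-without-ssl');
  return findings;
}

// Audit every server entry in a configuration text.
function auditConfig(text) {
  return parseServers(text).map((server, idx) => ({
    index: idx + 1,
    host: server.host || 'localhost',
    findings: auditServer(server),
  }));
}

console.log(JSON.stringify(auditConfig(SAMPLE_CONF), null, 2));
```

An entry that sets auth_type to 'cookie', omits the password, and enables ssl for the remote host produces no findings.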
4. Examine the code used to create the configuration file.
8. Next, the runcmd directives in the cloudConfig part of the YAML code for the front-end cloud
machine must reboot the server after the multihost configuration file is overwritten.
Task 4: Test and Delete the Two Servers
You test the deployment and then delete your deployment to save lab resources.
1. Navigate to Deployments.
2. Wait for your deployment to complete, then wait five more minutes.
Several cloud-config directives are available in your blueprint. Give the deployed system time
to run these directives and to reboot.
3. After your deployment is complete, use the vSphere Client to open a remote console on
your deployed front-end server.
You must open a console on the front-end server and not the MySQL server.
4. Log in to your deployed virtual machine (the front-end server) with the superadmin user
account and the VMware1! password.
5. Enter the mysql -u superadmin -p command to verify that the MySQL database is
installed and that the superadmin account is accessible.
If you have successfully installed a default MySQL server, the MySQL monitor should start.
You are prompted for your password. If your MySQL monitor does not start, verify your
YAML code for errors and redeploy.
6. Enter the use myvRAdb command to verify that the myvRAdb database is not created.
10. Record the machine names and IP addresses that are assigned to your two deployed
machines. ___________
11. Open a new tab on your browser and go to http://<front end IP>.
The default page for the Apache2 web server must appear. If the page does not appear,
troubleshoot your blueprint.
12. Open a new tab on your browser and go to http://<front end IP>/phpmyadmin.
The default page for the phpMyAdmin front-end server must appear. The option to connect
to the local host and a remote host must be available. If this page does not appear,
troubleshoot your blueprint.
13. Log in to phpMyAdmin.
If you cannot log in to phpMyAdmin with the superadmin user account, troubleshoot your
blueprint.
14. Verify that myvRAdb appears in the left pane as one of your databases.
This database is available in the mysql.vclass.local server and not in the frontend.vclass.local
server. This database verifies that your front-end server is connected to the remote MySQL
database.
15. Close the phpMyAdmin browser tab and return to Cloud Assembly.
Task 5: Redeploy Your Blueprint with Nondefault Variables
You redeploy the blueprint to test using nondefault variables and then delete your deployment to
save lab resources.
1. Verify that you are on the Cloud Assembly tab in Design > Blueprints.
Option                                            Action
User name for the system administrator account    Enter superroot in the text box.
Password for the superadmin account               Enter mynewpassword1! in the text box.
4. After your deployment is complete, use the vSphere Client to open a remote console on the
deployed front-end server.
IMPORTANT
You must wait for at least five minutes after the deployment is complete to allow the
cloudConfig code time to finish and the systems time to reboot.
You must open a console on the front-end server and not on the MySQL server.
5. Log in to your deployed virtual machine (the front-end server) with the superroot user
account and the mynewpassword1! password.
6. Enter the mysql -u superroot -p command to verify that the MySQL database is
installed and that the superadmin account is accessible.
10. Record the system names and IP addresses that are assigned to your two deployed
machines. __________
11. Open a new tab on your browser and go to http://<front end IP>.
The default page for the Apache2 web server must appear. If this page does not appear,
troubleshoot your blueprint.
12. Open a new tab on your browser and go to http://<front end IP>/phpmyadmin.
Option           Action
Server Choice    Enter the IP address of your MySQL server. You must enter 172.20.11.191 as the address for the MySQL Server on this deployment.
If you cannot log in to phpMyAdmin with the superadmin user account, troubleshoot your
blueprint.
14. Close the phpMyAdmin browser tab and return to Cloud Assembly.
Lab 8 Creating a Blueprint Using the
NSX-T Data Center Components
Task 1: Create Network Profiles
You create network profiles for the Web, App, and DB nodes.
1. Open Chrome.
• Password: VMware1!
Option Action
Description Enter Network profile for Web Tier in the text box.
11. Select Create an on-demand network from the Isolation policy drop-down menu.
12. Specify the web network settings.
Option Action
Description Enter Network profile for App Tier in the text box.
17. Select Create an on-demand network from the Isolation policy drop-down menu.
18. Specify the App network settings.
23. Select Create an on-demand network from the Isolation policy drop-down menu.
24. Specify the DB network settings.
Task 2: Create the Multitier Blueprint: Define Virtual Machines
You create a multitier blueprint and define Web, App, and DB virtual machines.
2. Click +NEW.
3. Click CREATE.
4. In the left pane, drag Cloud Agnostic Machine to the design canvas.
5. Drag two additional instances of Cloud Agnostic Machine to the design canvas.
You renamed the VM display name. This name is added as a prefix in vCenter Server.
9. In the YAML editor, select the image and flavor for the VM-Web node.
10. Select the image and flavor for the VM-App node.
11. Select the image and flavor for the VM-DB node.
12. Leave the design canvas open for the next task.
Task 3: Create the Multitier Blueprint: Define Networks
You define networks for the Web, App, and DB virtual machines.
5. Enter Net-Web.
You renamed the network display name. This name is added as a prefix in NSX-T Data
Center.
b. Press Enter and select the net:web tag from the list.
9. Change the Net-App and Net-DB network profiles from existing to routed.
10. Add the constraint tags for the Net-App and Net-DB networks.
Task 4: Create the Multitier Blueprint: Define Security Groups
You define security groups for the Web, App, and DB virtual machines.
You added an existing security group created by NSX-T Enterprise Administrator. The rules
defined for this security group are applied to all the deployed VMs using the Net-Web
network profile.
7. Click SAVE.
10. In the left pane, drag Cloud Agnostic Security Group to the design canvas.
11. Drag two additional instances of Security Groups to the design canvas.
You renamed the security group display name. This name is added as a prefix in NSX-T Data
Center.
15. Change the names for the App and DB security groups.
a. Remove Cloud_SecurityGroup_2 and enter SG-App for the second security group.
b. Remove Cloud_SecurityGroup_3 and enter SG-DB for the third security group.
b. Select new.
18. From the SG-Web security group, remove the constraints: [] line.
19. Remove constraints: [] for the SG-App and SG-DB security groups.
The security group configuration in the blueprint appears similar to the screenshot.
20. Leave the design canvas open for the next task.
Task 5: Create the Multitier Blueprint: Define the Load Balancer
You define the load balancer for the web virtual machines.
1. In the left pane, drag NSX Load Balancer to the design canvas.
4. Enter LB-Web.
You renamed the load balancer display name. This name is added as a prefix in NSX-T Data
Center.
6. Press Enter.
7. Select Protocol.
8. Select TCP.
9. Press Enter.
You must not enter instanceProtocol or instancePort in this case. The specified protocol and
port from the previous step are used for the instances.
15. Enter 2.
The load balancer configuration in the blueprint appears similar to the screenshot.
16. Leave the design canvas open for the next task.
Task 6: Connect Network Components to Virtual Machines
You connect networks, security groups, and the load balancer to the Web, App, and DB nodes.
b. Click the circle and drag the line that appears with the VM-Web virtual machine.
b. Click the circle and drag the line that appears with the VM-Web virtual machine.
d. Click SAVE.
b. Click the circle and drag the line that appears with the VM-Web virtual machine.
b. Click the circle and drag the line that appears with the Net-Web network.
9. Click TEST.
You must not see any errors. If any errors appear, review the message and revisit your
configuration from previous tasks.
Lab 9 Deploying the Blueprint and
Validating the NSX-T Data Center
Objects
Task 1: Deploy the 3-Tier Blueprint
You deploy the three-tier blueprint with the NSX-T Data Center components.
1. Open Chrome.
• Password: VMware1!
9. Click DEPLOY.
You must wait for the deployment to finish. This step might take up to 5 minutes.
Task 2: Review the Deployed NSX-T Data Center Objects
You log in to the NSX-T Data Center policy manager to validate the deployed components.
1. Open a new Chrome tab and select NSX Manager from the Infrastructure favorites menu.
• Password: VMware1!VMware1!
Q1. Do you see three networks created from Web, App, and DB profiles?
A1. Yes.
Q2. In the Logical ports column, why do you see four ports for the Net-Web logical
switch?
A2. The blueprint has deployed two web nodes.
Q3. Do you see three Tier-1 routers for Web, App, and DB VMs?
A3. Yes.
Q5. Do you see three on-demand security groups created for Web, App, and DB
VMs?
A5. Yes.
Q6. Why do you see two Direct Members for the SG-Web security Group?
A6. The blueprint has deployed two web nodes.
The Web-Block-Rule is a security rule written by NSX-T Administrator to block certain traffic
to all the web nodes.
12. Click Load Balancing in the left pane.
Q8. Do you see the LB-Web prefix assigned for the load balancer?
A8. Yes.
Q9. What is the protocol and port assigned to the virtual server?
A9. TCP 443.
The default IP Address is 192.168.1.2. If you see a different IP address, record the IP address
as you need this information for the next task.
Task 3: Validate the Application and Load Balancer
You validate the deployed three-tier application and the load balancer behavior.
3. Go to the vRealize Automation console.
• Password: VMware1!
9. Click the vertical ellipsis in the top-right corner of Chrome and click New incognito window.
https://192.168.1.2/cgi-bin/app.py
Because one of the web nodes is powered off, the load balancer redirects the requests to the next
available node, which validates the function of the load balancer.
Task 4: Validate the Security Rules
You validate the security rules for the web nodes.
4. Enter 192.168.1.10 in the Host Name text box and click Open.
• Password: VMware1!
Q1. You cannot ping the Web node but you can use SSH. Why?
A1. Security Rule exists in NSX-T Data Center to block the ICMP traffic.
7. In the command prompt window, enter the command.
telnet 192.168.1.10 80
Q2. You cannot access port 80. You are able to access port 443. Why?
A2. Security Rule is in NSX-T Data Center to block the HTTP traffic.
• Password: VMware1!VMware1!
The Web-Block-Rule for the VMware-Common-Web security group must explain the
behavior of not being able to access certain ports on the web node.
13. Log out from NSX-T Policy Manager and close the Chrome window.
Task 5: Save the Lab Resources
You destroy your multitier deployment to free resources.
3. Click Delete.
4. Click SUBMIT.
Lab 10 Using vRealize Orchestrator to
Create a DNS Entry When vRealize
Automation Deploys a System
3. Import and Modify a YAML Blueprint to Create an Ubuntu VM with a Static IP address
6. Create a Subscription
Task 1: Prepare Your PowerShell Host
You use PowerShell to run a command that adds a DNS entry to the DNS host. To simplify the
connection of vRealize Orchestrator to PowerShell, you must first open security on the
PowerShell host.
NOTE
To simplify this lab, you reduce the security on the PowerShell host.
2. Double-click DC (vclass.local).
You must enter {} and not parentheses with the Basic="true" parameter.
Allowing unencrypted communications means that vRealize Orchestrator can use the HTTP protocol
instead of HTTPS to communicate with the PowerShell host. Encrypted communications
require an exchange of valid digital certificates.
6. Enter winrm set winrm/config/service @{AllowUnencrypted="true"}.
A list of WinRM configuration settings, including AllowUnencrypted = true, appears.
You must enter braces {} and not parentheses with the Basic="true" parameter.
Allowing unencrypted communications means that vRealize Orchestrator can use the HTTP protocol
instead of HTTPS to communicate with the PowerShell host. Encrypted communications
require an exchange of valid digital certificates.
Task 2: Connect Your PowerShell Endpoint in vRealize Orchestrator
You connect vRealize Orchestrator to the PowerShell host so that workflows can run the
PowerShell commands.
Use this step only if you do not have two browser tabs that are currently logged in to
vRealize Orchestrator and Cloud Assembly.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
j. Click Orchestrator.
One tab is for Cloud Assembly and the other tab for the vRealize Orchestrator Client.
l. Click the Orchestrator Client tab.
Two filters are created. The Add a PowerShell host workflow appears.
You can click anywhere above the filter text box to remove the third filter text box.
6. Run the workflow.
7. After you enter the Name, Host or IP, and Port information, click the User Credentials tab.
9. Click RUN.
10. Verify that the Add a PowerShell Host workflow runs successfully and ends with the
Completed status.
11. If your workflow run fails, click RUN AGAIN and verify your inputs.
Task 3: Import and Modify a YAML Blueprint That Creates an Ubuntu
VM with a Static IP Address
You import a blueprint that creates an Ubuntu system and sets a static IP address. You modify
the blueprint by adding custom properties.
NOTE
This lab deploys an Ubuntu system with a static IP by using a hard-coded Netplan
configuration file.
This technique is used in this lab to send the IP address and host name to vRealize
Orchestrator easily.
Using a hard-coded Netplan configuration file to set the static IP address is not a best
practice. The best practice to set a static IP address in a YAML blueprint with cloudConfig is
to use a STATIC directive and prepare your Ubuntu template using the information in
https://docs.vmware.com/en/vRealize-Automation/8.0/Using-and-Managing-Cloud-Assembly/GUID-57D5D20B-B613-4BDE-A19F-223719F0BABB.html.
4. Click UPLOAD.
6. Add the following items in the YAML code after the flavor: VMW-Small line.
Setting Value
userDefinedString: '${input.hostname1}'
userDefinedNumber: '${input.ipaddress}'
Setting Value
hostname Ubuntu185
ipaddress 172.20.11.185
Task 4: Import a vRealize Orchestrator Package
You import a vRealize Orchestrator package. The workflow in this package receives the custom
properties from vRealize Orchestrator and uses them to add a DNS entry to the DNS server.
5. Click IMPORT.
7. Click OPEN on the vRA-Add-DNS catalog card to open the workflow for editing.
8. Click Variables.
9. Click Host.
12. Click SELECT and click SAVE.
The schema has three elements: Examine inputProperties, Build Command, and Invoke a
PowerShell script.
This script uses the userDefinedNumber custom property, which is a variable set in
your blueprint YAML code, to get the IP address. You can get the actual IP address that is
assigned to a virtual machine from the addresses input property, for example with the
JavaScript code ipaddr = inputProperties.get('addresses');. The
addresses input property is an array. If only one IP address is assigned to the virtual
machine, inputProperties.get('addresses'); returns that address. If multiple
IP addresses are assigned, the addresses property contains a subarray of values (a comma-
separated list of IP addresses) that you must parse.
The inputs and outputs from the Examine InputProperties element appear.
The Build Command element creates a PowerShell command that includes hostname and
ipAddress.
pshellCommand = cmdletName + ' -Name "' + hostName + '" -ZoneName "' + zoneName + '" -CreatePtr -IPv4Address "' + ipAddress + '"';
The cmdletName and zoneName variables are hardcoded in the workflow as
Add-DnsServerResourceRecordA and vclass.local respectively. You can view
them if you click the Variables tab for the entire workflow.
This text is all concatenated into a single string that is loaded to the pshellCommand
variable and output to the final element.
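Because hostName and ipAddress originate from blueprint inputs, validating them before they are concatenated keeps a deployment request from changing the PowerShell command that runs on the DNS host. The following JavaScript is an added example, not the code in the vRA-Add-DNS workflow; it goes slightly beyond the text by also picking the first IPv4 address out of a nested or comma-separated addresses value. All function names are hypothetical, and the ES5 style is chosen on the assumption that the code would be adapted to a vRealize Orchestrator scriptable task.

```javascript
// Added example: validate inputs, then build the DNS command with literal quoting.
// Function names are hypothetical; the cmdlet and zone names are those on this page.
var ALLOWED_CMDLET = 'Add-DnsServerResourceRecordA';

// Dotted-quad check: four decimal octets, no leading zeros, each 0-255.
function isValidIPv4(value) {
  if (typeof value !== 'string') return false;
  var parts = value.split('.');
  if (parts.length !== 4) return false;
  for (var i = 0; i < parts.length; i++) {
    if (!/^(0|[1-9][0-9]{0,2})$/.test(parts[i])) return false;
    if (parseInt(parts[i], 10) > 255) return false;
  }
  return true;
}

// One DNS label: letters, digits, and inner hyphens, 1 to 63 characters.
function isValidDnsLabel(value) {
  return typeof value === 'string' &&
    /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/.test(value);
}

// A zone name is a dot-separated sequence of valid labels.
function isValidZone(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 253) return false;
  var labels = value.split('.');
  for (var i = 0; i < labels.length; i++) {
    if (!isValidDnsLabel(labels[i])) return false;
  }
  return true;
}

// Flatten nested arrays and comma-separated strings into a flat candidate list.
function flattenAddresses(addresses, out) {
  out = out || [];
  if (addresses === null || addresses === undefined) return out;
  if (Array.isArray(addresses)) {
    for (var i = 0; i < addresses.length; i++) flattenAddresses(addresses[i], out);
    return out;
  }
  var pieces = String(addresses).split(',');
  for (var j = 0; j < pieces.length; j++) {
    var piece = pieces[j].replace(/^\s+|\s+$/g, '');
    if (piece) out.push(piece);
  }
  return out;
}

// Return the first syntactically valid IPv4 address, or null when there is none.
function firstIPv4(addresses) {
  var list = flattenAddresses(addresses);
  for (var i = 0; i < list.length; i++) {
    if (isValidIPv4(list[i])) return list[i];
  }
  return null;
}

// PowerShell single-quoted strings are literal; an embedded quote is doubled.
// Values reaching this point have already passed the allow-list checks above.
function psQuote(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Build the command only from validated parts; throw instead of passing bad input on.
function buildAddDnsCommand(cmdletName, zoneName, hostName, addresses) {
  if (cmdletName !== ALLOWED_CMDLET) throw new Error('cmdlet not allowed: ' + cmdletName);
  if (!isValidZone(zoneName)) throw new Error('invalid zone name');
  if (!isValidDnsLabel(hostName)) throw new Error('invalid host name');
  var ip = firstIPv4(addresses);
  if (ip === null) throw new Error('no valid IPv4 address');
  return cmdletName + ' -Name ' + psQuote(hostName) +
    ' -ZoneName ' + psQuote(zoneName) +
    ' -CreatePtr -IPv4Address ' + psQuote(ip);
}
```

A rejected input surfaces as a failed workflow run rather than as a malformed command on the PowerShell host.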
The final element in the workflow is a standard vRealize Orchestrator element that starts a
PowerShell script on a preconnected PowerShell host. For example:
17. Click SAVE to answer Do you want to save the changes you made?
Task 5: Wait for the Data Collection
You wait for the data collection to make sure that Cloud Assembly is aware of the new vRealize
Orchestrator workflow.
Task 6: Create a Subscription
You create a subscription to run a vRealize Orchestrator workflow after the virtual machine is
provisioned.
1. Verify that you are logged in to Cloud Assembly.
2. Click Extensibility.
The event.data filter is case-sensitive. You must enter it correctly. Only the letter
I in Id is capitalized. All the other letters of event.data.componentId are
lowercase. The component name is also case-sensitive. DNS-VM is uppercase.
12. Enter DNS in the Search text box and select the vRA-Add-DNS workflow.
13. Click SELECT.
14. Verify that the Blocking slider is in the default left position (no blocking).
15. Verify that the Subscription scope slider is in the default right position to turn on Any project.
Task 7: Deploy Your Ubuntu System
You deploy the blueprint to test your subscription and workflow.
Option Action
Inputs Enter Ubuntu92 for the host name and 172.20.11.192 for the IP
address.
5. Click CLOSE.
7. After your deployment is complete, click the Orchestrator Client tab to go to vRealize
Orchestrator.
9. Locate the vRA-Add-DNS workflow run in the recent workflows that you have run.
If the vRA-Add-DNS workflow run does not appear, your subscription has failed to call the
workflow. You must verify your subscription settings, including the
event.data.componentId filter.
You can ignore the red time indicator on the part of the schema that calls the PowerShell
command. The red indicator indicates the part of the workflow that ran slowly. The call to
PowerShell takes less than 30 seconds to run.
If the Status appears as Failed, a problem with your workflow exists. Verify that you set
the PowerShell host correctly.
13. Verify your log.
The log must include the host name and the IP address sent to PowerShell.
15. Use the Remote Desktop Connection Manager to log in to the Domain Controller
(dc.vclass.local).
16. Use the DNS Manager icon on the dc.vclass.local toolbar to open the DNS Manager.
17. Expand the vclass.local forward lookup zone and verify that the Ubuntu92 host name with
the 172.20.11.192 IP address exists.
18. Click the refresh icon in the DNS Manager view to view the new DNS entry.
21. Do not delete the DNS-Test deployment as you need it for the next lab.
Lab 11 Using vRealize Orchestrator to
Delete a DNS Entry When vRealize
Automation Deploys a System
3. Create a Subscription
Task 1: Import and Modify a vRealize Orchestrator Workflow
You import and modify a workflow from a vRealize Orchestrator package. Your new workflow
deletes a DNS entry.
IMPORTANT
You import only one workflow. Do not import the entire package.
4. Click OPEN.
5. Click TRUST.
7. Double-click the select box by Name to select and then deselect all elements.
IMPORTANT
12. Click OPEN on the vRA-Delete-DNS catalog card and open it for editing.
14. Click the cmdletName variable and verify that the Value is set to
Remove-DnsServerResourceRecord.
The cmdletName variable is case-sensitive. Dns is not DNS.
15. Click SAVE to save the cmdletName value in case you make any change.
17. Click the Value text box.
19. Click SELECT and click SAVE to save the host variable value.
You enter the script manually. You must create and understand your own scripts. However,
if you cannot get the correct script code, use the
C:\Materials\vRO\Build_Command_Script_Delete_DNS.txt file to copy
and paste the code. If you copy and paste, you have to enter
System.log("pshellCommand is " + pshellCommand); in the second line
of the script.
NOTE
27. Click SAVE and click SAVE on the Do you want to save the changes you
made? message.
Task 2: Wait for the Data Collection
You wait for the data collection to ensure that Cloud Assembly is aware of the new vRealize
Orchestrator workflow.
Task 3: Create a Subscription
You create a subscription to run a vRealize Orchestrator workflow after the virtual machine is
provisioned.
2. Click Extensibility.
The event.data filter is case-sensitive. You must enter it correctly. Only the letter I in
Id is capitalized. All the other letters of event.data.componentId are
lowercase. The component name is also case-sensitive. DNS-VM is uppercase.
12. Enter DNS in the Search text box and select the vRA-Delete-DNS workflow.
13. Click SELECT.
14. Verify that the Blocking slider is in the default left position (no blocking).
15. Verify that the Subscription scope slider is in the default right position to turn on Any project.
Task 4: Delete the Ubuntu System
You delete your previous deployment to test your subscription and workflow.
NOTE
If your deployment is not deleted after five minutes, click the refresh icon on the browser to
verify that the deletion has not finished.
4. After your deployment is deleted, click the Orchestrator Client tab to go to vRealize
Orchestrator.
If the vRA-Delete-DNS workflow run does not appear, your subscription has failed to call the
workflow. You must verify your subscription settings, including the
event.data.componentId filter.
7. Open the vRA-Delete-DNS workflow run.
You can ignore the red time indicator on the part of the schema that calls the PowerShell
command. The red indicator indicates the part of the workflow that ran slowly. The call to
PowerShell takes less than 30 seconds to run.
If the Status appears as Failed, a problem with your workflow exists. Verify that you set the
PowerShell host correctly.
The log must include the host name and the IP address sent to PowerShell.
12. Use the Remote Desktop Connection Manager to reconnect to the dc.vclass.local domain
controller.
14. Expand the vclass.local forward lookup zone and click the refresh icon.
15. Verify that the Ubuntu92 host name with the 172.20.11.192 IP address is deleted.
Lab 12 Creating a Custom Resource to
Manage Active Directory Users
4. Import and Modify a YAML Blueprint That Creates an Ubuntu VM with a User Account
Task 1: Connect Your Active Directory Server in vRealize
Orchestrator
You connect vRealize Orchestrator to the Active Directory server so that Active Directory
workflows operate on your domain controller.
If Chrome is already running, but a tab logged in to vRealize Orchestrator is not open,
open a new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
j. Click Orchestrator.
Verify that two tabs are available: one for Cloud Assembly and one for the Orchestrator Client.
3. Click the tree view icon on the upper right of the page.
4. In the Workflows navigation pane, navigate to Library > Microsoft > Active Directory >
Configuration.
6. Click RUN.
7. Run the workflow.
Option                                                            Action
Do not ask for confirmation when importing an SSL certificate.    Keep the default setting of selected. This option appears when you select Use SSL.
8. Click the Authentication tab to enter the Bind Type, Use a shared session, User name, and
Password information.
IMPORTANT
10. Click RUN.
NOTE
If your workflow run fails, click RUN AGAIN and verify your inputs.
Task 2: Connect Your vCenter Server System in vRealize
Orchestrator
You connect vRealize Orchestrator to your vCenter Server system so you can manage the
vCenter Server inventory.
2. Click the tree view icon on the upper right of the page.
3. In the Workflows navigation pane, navigate to Library > vCenter > Configuration.
5. Click RUN.
Option                                                                         Action
Location of the SDK that you use to connect to the vCenter Server instance.    Verify that /sdk is in the text box.
7. Click the Set the connection properties tab to enter user name and password.
8. Enter the connection properties values:
Option                                                                                   Action
Password of the user Orchestrator will use to connect to the vCenter Server instance.    Enter VMware1! in the text box.
9. Click RUN.
If your workflow run fails, click RUN AGAIN and verify your inputs.
IMPORTANT
Task 3: Create a Custom Resource
You create a custom resource to manage Active Directory users.
The External Type must match the Type of the main variable that is used as an output
variable in the create workflow and as an input variable in the destroy workflow.
8. Move the Activate slider to the right so that the custom resource is active.
12. Select the Create a user with a password in an organizational unit workflow and click
ADD.
Custom resources must have the create workflow. The create workflow must output a
variable of the same type as External Type referenced in the custom resource.
14. Search for the Destroy a user workflow and select it.
Custom resources must have the destroy workflow. The destroy workflow must input a
variable of the same type as External Type referenced in the custom resource.
15. Verify that your custom resource matches the following code.
17. Under Additional actions, click +ADD and add the actions.
• Disable a user
For each action, you can include the Name and Menu label that matches the action. The
Name and the Menu label can be identical to the workflow name or you can create a
different Menu label and Name. You do not set conditions.
NOTE
Unlike the Create, Update, and Destroy Lifecycle Actions, the Additional actions do not have
to be related to the External Type that was previously specified. This allows you to add
other useful workflows that are unrelated to your custom resource. In this lab you are adding
several machine management workflows that are unrelated to the Active Directory user
management.
18. Click the Request Parameter icon on the Create virtual machine folder action.
If you are prompted, click SAVE before the custom form editor opens.
20. In the right pane, select Value Picker from the Display type drop-down menu.
22. Scroll down and click CREATE to save your new custom resource.
Task 4: Import and Modify a YAML Blueprint That Creates an Ubuntu
VM with a User Account
You import a blueprint that creates an Ubuntu system and creates a user account. You modify
the blueprint by adding custom resources.
Option Value
3. Click UPLOAD.
5. Click the refresh icon to the right of Search Resource Type in the left resource pane.
6. Scroll down and locate the AD-User-Management custom resource under Custom Resource.
7. Click AD-User-Management and drag it to the design canvas above Cloud_Network and to
the left of Ubuntu-CR.
NOTE
If you cannot drag a custom resource into your blueprint, close the Chrome browser and
reopen it.
8. Add the code for the input variables userDisplayName and userOU.
  userDisplayName:
    type: string
    title: User Display Name
  userOU:
    type: object
    title: Organizational Unit
    $data: 'vro/data/inventory/AD:OrganizationalUnit'
    properties:
      id:
        type: string
      type:
        type: string
NOTE
This code belongs in the inputs section. You can start it after the description line for the pass
input.
The YAML code is alignment-sensitive. Do not use tabs in YAML. Use the SPACE bar to
align your code.
resources:
  Custom_ADUserMan_1:
    type: Custom.ADUserMan
    properties:
      accountName: '${input.user}'
      displayName: '${input.userDisplayName}'
      ouContainer: '${input.userOU}'
      domainName: vclass.local
      password: '${input.pass}'
      confirmPassword: '${input.pass}'
      changePasswordAtNextLogon: false
10. Verify that the first part of your YAML code matches the following output.
Option | Action
Organization Unit | Enter e in the text box. Wait for the search function to work, scroll down, and select ENG.
If the blueprint fails the test, correct the syntax problems.
NOTE
If you cannot solve the blueprint, you can cut and paste the text from a copy available at
c:\Materials\Blueprints\Answers\Ubuntu-CR-Answer.yaml.
Task 5: Deploy the Ubuntu System and Test the Custom Resource
You deploy the blueprint to test your custom resource.
Option | Action
Organization Unit | Enter e in the text box. Wait for the search function to work, scroll down, and select ENG.
4. Click DEPLOY.
7. After the deployment is complete, click the Orchestrator Client tab to go to vRealize
Orchestrator.
9. Find the Create a user with a password in an organizational unit workflow run in the recent
workflow runs.
If the Create a user with a password in an organizational unit workflow run does not appear,
your custom resource has failed to call the workflow. Verify your custom resource settings,
the names of the workflows, and the External Type setting.
10. Open the Create a user with a password in an organizational unit workflow run.
You can ignore the red time indicator on the createUserWithPassword schema element. The
red indicator indicates the part of the workflow that ran slowly. The
createUserWithPassword schema element takes less than a few seconds to run.
11. Verify that the status of the Create a user with a password in an organizational unit
workflow appears as Completed.
13. Use Remote Desktop Connection Manager to log in to the dc.vclass.local domain controller.
14. Use the Active Directory Users and Computers icon on the dc.vclass.local toolbar to open
Active Directory.
15. Expand ENG OU and verify that the ENG-CA-User03 user exists.
You click the refresh icon to view the new user entry.
Task 6: Test the Add a User to a User Group Additional Action
You test the Add a User to a User Group additional action.
1. Go to Deployments.
4. Select Add a user to a user group from the ACTIONS drop-down menu in the right pane.
6. Click SUBMIT.
You can monitor the progress of your action on the top left of the CR-Test deployment
page.
8. Use Remote Desktop Connection Manager to log in to the dc.vclass.local domain controller.
9. Open Active Directory by using the Active Directory Users and Computers icon on the
dc.vclass.local toolbar.
10. Expand ENG OU and verify that ENG-CA-User03 is a member of the ENG-CA-Admins
group.
You can click the refresh icon to see the new user entry.
Task 7: Test the Additional Actions
You test your additional actions to create a virtual machine folder and move a virtual machine.
1. Return to Cloud Assembly and verify that you have the CR-Test deployment open.
3. Select Create a virtual machine folder from the ACTIONS drop-down menu.
a. Enter a v in the Parent folder text box and scroll down and select vm.
b. Enter Action-Folder in the Name of the new folder text box.
When the action completes, use the vSphere Client to verify that the new VM folder
exists.
c. Click the ubuntu-cr component in the design canvas of the CR-Test deployment to
determine the Resource name (VM name).
You can also enter VMW-ENG in the Virtual machine to move text box. The virtual
machine name appears.
4. Return to Cloud Assembly and verify that you have the CR-Test deployment open.
5. Select the Ubuntu-CR component in the design canvas and record the name of the virtual
machine (VMW-ENG-xxxxxx).
6. Click the Custom_ADUserMan_1 object and select Move virtual machine to folder.
7. Enter ENG-VM in the Virtual machine to move text box and scroll down and select the
correct virtual machine.
8. Enter Action in the Destination folder text box and scroll down and select Action-Folder.
9. Click SUBMIT.
10. When the action is complete, use the vSphere Client to verify that the virtual machine has
been moved into Action-Folder.
Task 8: Delete the Ubuntu System and the Active Directory User
You delete your deployment to save the lab resources.
6. After the deployment is deleted, click the Orchestrator Client tab to go to vRealize
Orchestrator.
You can click the refresh icon to see the latest run.
10. Verify that the Destroy a user workflow appears with the Completed status.
12. Use Remote Desktop Connection Manager to log in to the (dc.vclass.local) domain
controller.
14. Expand the ENG OU and verify that the ENG-CA-User03 user does not exist.
You can click the refresh icon to see that the user has disappeared.
Lab 13 Creating a Resource Action to
Move a Virtual Machine to a Folder
Task 1: Deploy a Virtual Machine to Test Your Resource Action
You deploy a virtual machine and use this virtual machine later to test your action.
1. (Optional) Log in to vRealize Orchestrator, the vSphere Client, and Cloud Assembly.
Use this step only if you do not already have browser tabs that are logged in to vRealize
Orchestrator, the vSphere Client, and Cloud Assembly.
If Chrome is already running, but a tab logged in to vRealize Orchestrator is not open,
open a new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
j. Click Orchestrator.
k. (Optional) If you do not have a Chrome browser tab that is logged in to the vSphere
Client, open a new browser tab and go to Infrastructure > vSphere Client (SA-VCSA-
01).
You verify that one tab for Cloud Assembly, one for the vSphere Client, and one for
the Orchestrator Client are available.
4. Deploy the VMW-Centos-Static blueprint.
Option Action
6. Record the name of the virtual machine that you deployed in vSphere (VMW-ENG-xxxxxx).
__________
9. Right-click SA-Datacenter and navigate to New Folder > New VM and Template folder.
10. Enter RA-Folder in the Enter a name for the folder text box and click OK.
Task 2: (Optional) Add a vCenter Server Instance to vRealize
Orchestrator
If you did not add the vCenter Server instance to vRealize Orchestrator in an earlier lab, you must
run this task to add a vCenter Server instance to vRealize Orchestrator.
You can click anywhere above the Add filter text box to remove the second filter text box.
5. Configure settings to run the workflow.
Option | Action
HTTPS port of the vCenter Server instance | Keep the default value of 443.
Location of the SDK that you use to connect to the vCenter Server instance | Keep the default value of /sdk.
Password of the user that Orchestrator will use to connect to the vCenter Server instance | Enter VMware1! in the text box.
You must click the Set the connection properties tab to configure the session, user name,
password, and domain name values.
6. Click RUN.
7. Verify that the workflow completes with the Completed status, which indicates a successful
run.
8. Click CLOSE.
Task 3: Create Your Binding Action
You use vRealize Orchestrator to create an action that is used to bind a variable in vRealize
Automation.
The module name is lowercase and in dot notation, which follows the basic standard of
com.[company].library.[component].[interface].
The module is not important for the vRealize Orchestrator action that is used as a binding
action by vRealize Automation. You can use any general-purpose module. You can also
create your own module, such as com.vmeduc.mymodule. vRealize Orchestrator uses
module names to group related actions together. However, the combination of the name of
the action and the name of the module must be unique: no two actions with the same name
can exist in the same module.
11. Enter Name of the VM you are searching for in the Description text box.
12. Enter virtualmachine in the Select Type search text box of Return Type and click
VC:VirtualMachine.
13. Verify that your Properties in the right pane are correctly configured.
As you enter code, click the code items that match your text as they appear. For example,
after you enter VcPlugin.getAllV, you can click VcPlugin.getAllVirtualMachines.
Similarly, when you enter allVm, click allVms. You must click and select code items as they
are available instead of entering them. Clicking these items correctly links the code to
predefined elements in vRealize Orchestrator and avoids typographical errors.
15. Verify that your JavaScript code is correct.
If you click and link the code, several items in the code change color. For example, name is
green as it is a predefined input. Similarly, VcPlugin is light green. Other items appear blue and
black.
Task 4: Test Your Binding Action
You use vRealize Orchestrator to test the action that is used in binding.
3. Enter the name of the virtual machine (VMW-ENG-xxxxxx) that you deployed in the Name
text box.
IMPORTANT
The name is case-sensitive and must match the deployed virtual machine name exactly.
4. Click RUN.
10. Verify that the Action Result Type in Results/Inputs is empty and the value is Not set.
12. Verify that the VM not found message appears in the log file.
You must wait until a data collection completes to inventory your new binding action.
Task 5: Create a vRealize Automation Resource Action
You create a vRealize Automation resource action.
6. Move the Activate toggle to the right to activate the resource action.
8. Click ADD.
9. Click +ADD and select Move virtual machine to folder as the Workflow.
Verify that you do not select the Move virtual machines (plural) to folder workflow.
12. Select vm from the Workflow Input drop-down menu in the Property Binding pane.
If you did not correctly specify a return type of VC:VirtualMachine in your binding action in
vRealize Orchestrator, the getVMbyName binding action does not appear in your binding
actions search.
14. Enter ${properties.resourceName} in the Value text box of the Binding Action
input name.
Task 6: Test Your Resource Action
You use vRealize Automation to test the new resource action.
4. In the right pane, click Move VM to Folder from the Cloud_vSphere_Machine_1 ACTIONS
drop-down menu.
6. Click SUBMIT.
7. Wait for the action to complete.
8. Click CLOSE.
10. Go to VMs and Templates and verify that the virtual machine you deployed appears in RA-
Folder.
12. Click DELETE on the ACTIONS drop-down menu to delete the Centos-Static deployment.
Lab 14 Creating a Content Source
from vRealize Orchestrator
Task 1: Create a Content Source from a vRealize Orchestrator
Workflow
You configure a vRealize Orchestrator workflow as a vRealize Automation content source.
Use this step only if you do not already have two browser tabs that are logged in to vRealize
Orchestrator and Cloud Assembly.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
f. Click Cloud Assembly.
j. Click Orchestrator.
One tab is for Cloud Assembly and the other tab for the vRealize Orchestrator Client.
11. Enter Create a virtual machine folder in vCenter in the Description
text box.
14. Scroll down, select Create virtual machine folder, and click ADD.
Task 3: Run the New Catalog Item
You run the new catalog item.
6. Click SUBMIT.
Task 4: Verify the Deployment
You verify that the vRealize Orchestrator workflow has run successfully.
Lab 15 Creating an ABX Action to
Rename a Virtual Machine
2. Create a Subscription
3. Upload a Blueprint
Task 1: Create an Action Script
You create an action script that renames a virtual machine.
Use this step only if you do not already have two browser tabs that are logged in to the
vSphere Client and Cloud Assembly.
a. Start Chrome and open a new tab for the vSphere Client.
If Chrome is already running, but a tab logged in to vSphere Client is not open, open a
new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
i. Log in with the administrator@vsphere.local user account and the VMware1! password.
6. Select VMW-ENG from the Project drop-down menu and click NEXT.
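8. Cut and paste the code from C:\Materials\ABX-Actions\Rename-vSphere-VM-on-Deployment.txt
on your student desktop.
def handler(context, inputs):
    outputs = {}
    # Start from the resource names that arrive in the event payload.
    outputs["resourceNames"] = inputs["resourceNames"]
    print("Current Name")
    print(inputs["resourceNames"][0])
    oldName = inputs["resourceNames"][0]
    # newHostName is a custom property set in the YAML blueprint.
    newName = inputs["customProperties"]["newHostName"]
    # Load the new name into resourceNames[0]; it is assigned to the VM in vSphere.
    outputs["resourceNames"][0] = newName
    print("Action complete")
    return outputs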
9. Examine your code and understand how it works.
In the code:
• A newName variable is initialized and loaded from the newHostName property in the
YAML blueprint.
• The resourceNames[0] custom property is loaded with the new name. It is assigned to
the virtual machine in vSphere.
10. Verify that the Main function is handler in the right pane.
11. Click the - (minus icon) to delete the Default Input of target or world.
13. Select On Prem from the FaaS provider drop-down menu.
You can use the Auto Select default setting. The best practice is to manually set the FaaS
provider and verify that it is configured correctly if you must use one of the cloud-based
FaaS providers.
14. Verify that the Set custom timeout and limits slider is set to the left (off position).
Your test run fails with KeyError on resourceNames because the default test input does not
contain the resourceNames array that the action reads. Verify that no other syntax errors
are reported.
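The KeyError above comes from indexing a payload key that is not there. As an added example (not part of the lab materials or VMware's script), this variant of the rename handler checks the payload before using it and rejects a newHostName that is not a plain host name label; the PayloadError class, the validated_new_name helper, the host name rule and the sample payload are assumptions of this example.

```python
import re

# Assumption of this example: a VM name must be a single RFC 1123 style label
# (letters, digits and hyphens, 1 to 63 characters, no leading or trailing hyphen).
_LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Constructed sample payload, shaped like the inputs the lab script reads.
SAMPLE_PAYLOAD = {
    "resourceNames": ["VMW-ENG-000123"],
    "customProperties": {"newHostName": "Centos-ABX"},
}


class PayloadError(ValueError):
    """Raised when the event payload lacks what the rename needs."""


def validated_new_name(inputs):
    """Return the requested VM name, or raise PayloadError naming the problem."""
    names = inputs.get("resourceNames")
    if not isinstance(names, list) or not names:
        raise PayloadError("payload has no resourceNames entry to rename")
    props = inputs.get("customProperties")
    if not isinstance(props, dict) or "newHostName" not in props:
        raise PayloadError("customProperties.newHostName is missing")
    new_name = props["newHostName"]
    # fullmatch (not match) so that a trailing newline or extra text is rejected.
    if not isinstance(new_name, str) or not _LABEL_RE.fullmatch(new_name):
        raise PayloadError("newHostName is not a valid host name label")
    return new_name


def handler(context, inputs):
    new_name = validated_new_name(inputs)
    # Copy the list so the incoming payload is not modified in place.
    outputs = {"resourceNames": list(inputs["resourceNames"])}
    print("Current Name")
    print(outputs["resourceNames"][0])
    outputs["resourceNames"][0] = new_name
    print("Action complete")
    return outputs


if __name__ == "__main__":
    print(handler(None, SAMPLE_PAYLOAD))
```

With the empty test input from step 11, this handler fails with a PayloadError that names the missing key instead of a bare KeyError.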
Task 2: Create a Subscription
You create a subscription that calls the action.
8. Slide the Blocking slider to the right and enter 2 in the Timeout text box.
Task 3: Upload a Blueprint
You upload a blueprint to use with the ABX action.
Option Action
In the code:
• This blueprint has no network so it deploys faster. A network is not needed in this lab.
Task 4: Test Your Action by Deploying the Blueprint
You verify that the new action and the new subscription work by deploying the blueprint.
Option Action
5. Click the latest Rename-vSphere-VM-on-Deployment action run to open the action run.
6. Click the Log tab and verify that the action run is successful.
The log file might show a different Current Name for your VM.
7. Click Details and verify that the original resourceNames is VMW-ENG-xxxxxx and the new
resourceNames is Centos-ABX.
8. Click the Deployments tab and wait for your deployment to complete.
10. Verify that the VM deployed in Lab-VMs is Centos-ABX.
Task 5: Delete the Deployment to Save the Lab Resources
Delete your deployment to save the lab resources.
You disable the subscription so that it does not interfere with the future labs.
Lab 16 Creating an ABX Action to Tag
a Virtual Machine
2. Create a Subscription
Task 1: Create an Action Script
You create an action script that renames a virtual machine.
Use this step only if you do not already have two browser tabs that are logged in to the
vSphere Client and Cloud Assembly.
If Chrome is already running, but a tab logged in to vRealize Orchestrator is not open,
open a new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
i. Log in with the administrator@vsphere.local user account and the VMware1! password.
6. Select VMW-ENG from the Project drop-down menu and click NEXT.
9. Copy and paste this code from C:\Materials\ABX\Tag-vSphere-VM-With-Tags-Object.txt
on your student desktop.
exports.handler = function handler(context, inputs) {
    // yamlTags arrives as a JSON string, although the blueprint defines it as an object.
    let tagsAsString = inputs.customProperties.yamlTags;
    let tagsJsonObject = JSON.parse(tagsAsString);
    let outputs = {};
    // Start from the tags already present in the payload.
    outputs.tags = inputs.tags;
    console.log("==========================================");
    console.log("inputs.tags:");
    console.log(inputs.tags);
    console.log("==========================================");
    console.log("tagsAsString:");
    console.log(tagsAsString);
    console.log("==========================================");
    console.log("tagsJsonObject:");
    console.log(tagsJsonObject);
    console.log("==========================================");
    // Copy every user-supplied key-value pair into the output tags.
    Object.keys(tagsJsonObject).forEach(key => {
        outputs.tags[key] = tagsJsonObject[key];
        console.log("key: " + key + " / value: " + tagsJsonObject[key]);
    });
    return outputs;
};
10. Examine your code carefully.
Observe the following features:
• A string variable named tagsAsString is initialized with the yamlTags. Although it is
entered as an object in the YAML blueprint, the only way ABX can receive it is as a string.
• A new variable, tagsJsonObject, is initialized using the JSON parse function.
• An outputs.tags array is initialized empty.
• A loop is set up to go through the tagsJsonObject array and load it into the outputs.tags
object.
• ABX actions are functions. A return command is required at the end. The
outputs.tags object is returned.
11. Verify that the Main function is handler in the right pane.
12. Click the - (minus) icon to delete the Default Input of target / World.
15. Verify that the Set custom timeout and limits slider is to the left (off position).
Task 2: Create a Subscription
You create a subscription that calls the action.
8. Slide the Blocking slider to the right and enter 4 in the Timeout text box.
10. Click SAVE.
Task 3: Upload and Modify a Blueprint
You upload and modify a blueprint to use with the ABX action.
Option Action
4. Add the following code to the inputs section of the YAML code.
  UserTags:
    type: object
    title: Enter your user tags
5. Add the code to the properties section of ABX-VM.
yamlTags: '${input.UserTags}'
6. Verify your blueprint YAML code.
7. Click CLOSE.
Task 4: Test Your Action by Deploying the Blueprint
You verify that the new action and the new subscription work by deploying the blueprint.
1. Select the Centos-ABX-TAG blueprint and start a deployment with these parameters.
Option Action
5. Click APPLY.
9. Verify that your deployment inputs are correct.
You have entered the data for an Object variable. Objects are key-value pairs.
If the vRA1 key is repeated for both the pairs, only the last entry is used.
12. After the deployment is complete, click to record the name of your deployed virtual machine
(VMW-ENG-xxxxxx) and click CLOSE. __________
NOTE
The subscription that is used to rename the VM was disabled from the previous lab. As a
result, the host name that you specified during the deployment is not updated.
15. Click the Log tab and verify that your action is successful.
16. Click Details and verify that the original tags are empty and that the new Outputs tags are
vRA1: ABX1 and vSphere : Production.
18. Select the deployed virtual machine in Lab-VMs and verify that the VM deployed in Lab-VMs
has the correct tags assigned.
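The tag action in Task 1 copies every key of the user-supplied object into the VM tags. As an added example (not part of the lab materials, and written in Python rather than the lab's Node.js), this version of the handler validates the yamlTags string before merging it, rejects a repeated key instead of letting the last entry win, and refuses to overwrite a tag that is already set. The limits, the TagError class and the helper names are assumptions, and the overwrite rule is a policy choice of this example, not the lab script's behaviour.

```python
import json

MAX_TAGS = 20   # assumption: local limit on user-supplied tags per request
MAX_LEN = 64    # assumption: local limit on the length of a key or a value

# Constructed sample payload using the tag values entered in this lab.
SAMPLE_PAYLOAD = {
    "tags": {},
    "customProperties": {"yamlTags": '{"vRA1": "ABX1", "vSphere": "Production"}'},
}


class TagError(ValueError):
    """Raised when the user-supplied tags cannot be accepted."""


def _reject_duplicates(pairs):
    # json.loads hands every JSON object to this hook as a list of pairs,
    # so a repeated key is still visible here before a dict collapses it.
    result = {}
    for key, value in pairs:
        if key in result:
            raise TagError("tag key %r is given more than once" % key)
        result[key] = value
    return result


def parse_user_tags(tags_as_string):
    """Decode the yamlTags string into a dict of str -> str, or raise TagError."""
    try:
        parsed = json.loads(tags_as_string, object_pairs_hook=_reject_duplicates)
    except TagError:
        raise
    except (TypeError, ValueError) as exc:
        raise TagError("yamlTags is not valid JSON") from exc
    if not isinstance(parsed, dict):
        raise TagError("yamlTags must be a JSON object of key-value pairs")
    if len(parsed) > MAX_TAGS:
        raise TagError("too many tags in one request")
    for key, value in parsed.items():
        if not isinstance(value, str):
            raise TagError("value of tag %r must be a string" % key)
        for text in (key, value):
            if not text or len(text) > MAX_LEN or not text.isprintable():
                raise TagError("tag %r has an empty, oversized or unprintable part" % key)
    return parsed


def handler(context, inputs):
    props = inputs.get("customProperties") or {}
    user_tags = parse_user_tags(props.get("yamlTags"))
    tags = dict(inputs.get("tags") or {})   # copy; the payload stays untouched
    clashes = sorted(set(tags) & set(user_tags))
    if clashes:
        raise TagError("refusing to overwrite existing tags: %s" % ", ".join(clashes))
    tags.update(user_tags)
    for key in sorted(user_tags):
        print("key: %s / value: %s" % (key, user_tags[key]))
    return {"tags": tags}


if __name__ == "__main__":
    print(handler(None, SAMPLE_PAYLOAD))
```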
Lab 17 Creating an ABX Action to
Dump the Payload
2. Create a Subscription
Task 1: Create an Action Script
You create an action script that renames a virtual machine.
Use this step only if you do not already have two browser tabs that are logged in to the
vSphere Client and Cloud Assembly.
a. Start Chrome.
If Chrome is already running, but a tab logged in to vSphere Client is not open, open a
new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
i. Log in with the administrator@vsphere.local user account and the VMware1! password.
6. Select VMW-ENG from the Project drop-down menu and click NEXT.
8. Copy and paste the code to dump the inputs handed to the ABX action from
C:\Materials\ABX\Dump-the-Payload.txt on your student desktop.
import json
10. Click the - (minus) icon to delete the default Input of target / World.
11. Verify that the Dependency text box is empty.
13. Verify that the Set custom timeout and limits slider is to the left (off position).
Task 2: Create a Subscription
You create a subscription that calls the action.
5. Click +ADD in Event Topic, select Compute post provision, and click SELECT.
Depending on when you run the subscription, the inputs and custom properties differ. Some
custom properties do not exist during earlier event topics. Some custom properties change
between event topics.
As no changes occur, you do not need to delay the deployment process by blocking other
events until the deployment is complete.
9. Verify that your Subscription is configured correctly and click SAVE.
Task 3: Test Your Action By Deploying the Blueprint
You verify that the new action and the new subscription work by deploying the blueprint.
1. Select the Centos-ABX-Tag blueprint and start a deployment with these parameters.
Option Action
5. Click APPLY.
6. Click DEPLOY.
11. Click the Log tab and view the output.
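A payload dump writes every input and custom property to the action log, so any secret carried in the payload ends up readable in the Log tab. The following added example (not the contents of Dump-the-Payload.txt and not VMware code) masks secret-looking properties before printing, including ones nested inside JSON that arrives as a string; the key-name pattern, the redact and dump_payload helpers and the sample payload are assumptions.

```python
import json
import re

# Assumption: property names matching this pattern hold secrets. The pattern is
# illustrative; extend it to cover the property names your own blueprints use.
SECRET_KEY_RE = re.compile(
    r"pass(word)?|secret|token|credential|private[_-]?key", re.IGNORECASE
)
REDACTED = "***REDACTED***"

# Constructed sample payload; the property names follow the blueprints in these labs.
SAMPLE_PAYLOAD = {
    "resourceNames": ["VMW-ENG-000123"],
    "customProperties": {
        "newHostName": "Centos-ABX",
        "password": "S3cret-constructed",
        "yamlTags": '{"vRA1": "ABX1", "apiToken": "abc123"}',
    },
    "disks": [{"name": "boot", "confirmPassword": "S3cret-constructed"}],
}


def redact(value, key=""):
    """Return a copy of value with secret-looking entries masked."""
    if key and SECRET_KEY_RE.search(key):
        return REDACTED
    if isinstance(value, dict):
        return {k: redact(v, str(k)) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(item) for item in value]
    if isinstance(value, str) and value.lstrip().startswith(("{", "[")):
        # Object inputs reach an ABX action as JSON strings (as yamlTags does),
        # so decode them and mask secrets nested inside as well.
        try:
            decoded = json.loads(value)
        except ValueError:
            return value            # not JSON after all; keep the text as it is
        return json.dumps(redact(decoded), sort_keys=True)
    return value


def dump_payload(inputs):
    """Render the redacted payload as indented JSON for the action log."""
    return json.dumps(redact(inputs), indent=2, sort_keys=True, default=str)


def handler(context, inputs):
    print(dump_payload(inputs))
    # The dump changes nothing in the deployment, so it returns no outputs.
    return {}


if __name__ == "__main__":
    handler(None, SAMPLE_PAYLOAD)
```

Matching on key names masks more than strictly necessary (any name containing "pass" is hidden), which is the safer direction for a log.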
Lab 18 Combining ABX Actions to an
ABX Flow
4. Create a Subscription
Task 1: Create an Action Flow
You create an action flow that combines multiple action scripts.
Use this step only if you do not already have two browser tabs that are logged in to the
vSphere Client and Cloud Assembly.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
f. Click Cloud Assembly.
i. Log in with the administrator@vsphere.local user account and the VMware1! password.
7. Select VMW-ENG from the Project drop-down menu and click NEXT.
11. Press the spacebar.
13. Use the same method to replace the second action_placeholder with the
Tag-vSphere-VM-With-Tags-Object action script.
14. Use the same method to replace error_handler_placeholder with Dump-the-Payload.
Each block in the diagram shows the label, the name of the action called, and the icon to
indicate the type of action (Script, REST, and so on).
For example, action1 is the first box. The label called in the action-flow script is
action1. The action calls the Rename-vSphere-VM-On-Deployment ABX action
(only part of the name is visible). The icon is a document scroll, which is the icon for a
script.
17. Click the eye icon in action1 to open the Rename-vSphere-VM-on-Deployment action.
The script within the action appears. You can click EDIT ACTION to directly edit this action.
Task 2: Add a Conditional Statement to Your Action Flow
You modify your action flow with a conditional statement.
The code graph in the right pane has changed. A new switch symbol with a single branch
appears.
7. Enter the following code after the action: Tag-vSphere-VM-with-Tags-Object code in your
flow: action.
    next: action3
  action3:
    action: Dump-the-Payload
    next: flow_end
8. Verify that your program code is correct.
9. Verify that the graph in the right pane matches the screenshot.
Task 3: Modify the First Action Script to Output Custom Properties
You modify the Rename-vSphere-VM-on-Deployment action script to output custom properties
for use in the action flow switch.
2. Add the following code to the Rename-vSphere-VM-on-Deployment action script after the
outputs["resourceNames"] = inputs["resourceNames"] line.
    outputs["customProperties"] = inputs["customProperties"]
The outputs customProperties object is loaded with the current customProperties object from
the payload.
3. Add the following code to the Rename-vSphere-VM-on-Deployment action script after the
newName = inputs["customProperties"]["newHostName"] line.
    tagControl = inputs["customProperties"]["tagControl"]
A local tagControl variable is created from the tagControl custom property in the YAML
blueprint.
Task 4: Create a Subscription
You create a subscription that calls the action.
5. Click +ADD in Event Topic, select Compute allocation and click SELECT.
8. Slide the Blocking slider to the right and enter 6 in the Timeout text box.
10. Click DISABLE on the Tag-VM-From-YAML subscription.
This step prevents two subscriptions from trying to run the same action script on the same
deployed system.
You can run multiple subscriptions on a single deployment. However, too many subscriptions
can slow down your deployment significantly.
If you must run multiple subscriptions on a deployment, verify that they do not conflict with
each other. You can prevent the conflict by using different ABX actions with different
subscriptions, or by calling the same action from different event topics.
The priority setting on subscriptions can also be used to prevent any conflict. You must set
your subscriptions to different priorities and verify that they are blocking subscriptions.
Task 5: Modify an Existing Blueprint
You modify an existing blueprint to use with the ABX action.
Option Action
5. Add the following code to the inputs section of the YAML code under the UserTags
block.
  tagInput:
    type: string
    enum:
      - TagVM
      - NoTag
    title: Tag VM?
6. Add the code to the properties section of ABX-VM.
tagControl: '${input.tagInput}'
7. Verify your blueprint YAML code.
The tagControl custom property is used to control the switch in the action flow you
created.
8. Click CLOSE.
Task 6: Test Your Action by Deploying the Blueprint
You verify that the new action and the new subscription work by deploying the blueprint.
1. Select the Centos-ABX-FLOW blueprint and start a deployment with the parameters.
Option Action
Using a value of TagVM for this custom property causes the action-flow switch to take the
path that tags the VM, after the VM is renamed.
4. Click DEPLOY.
5. Click CLOSE.
Option Action
You verify that you change the default host name from Centos-ABX to Centos-ABX2.
Using a value of NoTag for this custom property causes the action-flow switch to skip the
path that tags the VM, after the VM is renamed. The VM is renamed. No tags are applied.
Task 7: Verify Your Deployments and Actions
You verify that the new action and the new subscription work by deploying the blueprint.
• Rename-VM-and-Tag-VM-Flow
• Rename-vSphere-VM-on-Deployment
• Tag-vSphere-VM-with-Tags-Object
• Dump-the-Payload
• Rename-VM-and-Tag-VM-Flow
• Rename-vSphere-VM-on-Deployment
• Dump-the-Payload
3. Click the first (lower) Rename-VM-and-Tag-VM-Flow action to open the earliest action flow
run that is associated with the Flow-Test deployment.
4. Click the Source tab to see the source code of the action flow.
5. Verify that the right pane shows your timeline of the called actions.
6. Click Details and verify that the original tags are empty and the new Outputs tags are
vRA2: ABX2 and vSphere : Flow-Test.
8. Click the Centos-ABX VM in Lab-VMs and verify that the correct tags are assigned to the
VM deployed in Lab-VMs.
9. Click the Centos-ABX2 VM in Lab-VMs and verify that no tags are assigned to the VM
deployed in Lab-VMs.
Lab 19 Troubleshooting an ABX Flow
2. Create a Subscription
Task 1: Import Several Actions
You import several actions to create a broken action flow.
Use this step only if you do not already have two browser tabs that are logged in to the
vSphere Client and Cloud Assembly.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
f. Click Cloud Assembly.
i. Log in with the administrator@vsphere.local user account and the VMware1! password.
4. Click + IMPORT.
8. Click IMPORT.
9. (Optional) If you see a conflict indicating that the Dump-the-Payload Action already exists,
select Skip conflicting actions.
Task 2: Create a Subscription
You create a subscription that calls the action.
5. Click +ADD in Event Topic, select Compute allocation and click SELECT.
8. Slide the Blocking slider to the right and enter 6 in the Timeout text box.
10. Click DISABLE on all other subscriptions.
This step prevents two subscriptions from trying to run the same action script on the same
deployed system.
You can run multiple subscriptions on a single deployment. However, too many subscriptions
can slow down your deployment significantly.
If you must run multiple subscriptions on a deployment, verify that they do not conflict with
each other. You can prevent the conflict by using different ABX actions with different
subscriptions, or by calling the same action from different event topics.
The priority setting on subscriptions can also be used to prevent any conflict. You must set
your subscriptions to different priorities and verify that they are blocking subscriptions.
Task 3: Test Your Action by Deploying the Blueprint
You verify that the new action and the new subscription work by deploying the blueprint.
Option Action
5. Click DEPLOY.
6. Click History.
Task 4: Troubleshoot the Problems in Your Actions
You troubleshoot the problems in your actions.
• Bad-Report-Errors is the error control procedure. It is called by the action flow when a
problem occurs.
The Bad-Report-Errors action is started by the API and not by an Event. The action flow
triggers the action when the error occurs.
4. Click Bad-Flow to view the Bad-Flow action run.
Observe that the first action, Bad-Rename-vSphere, appears with the Completed status. This
action runs without errors.
Observe that the next action run after the Bad-Rename-vSphere-VM action completed is the
Bad-Report-Errors action. This action runs only when an error occurs. Because the first
action completed without an error and the error occurred immediately, the main
action flow logic might have caused the error.
5. Click Source and then click the Details tab to look at the source code of the main action flow.
Task 5: Correct the Code in Bad-Rename-vSphere-VM
You correct the code in Bad-Rename-vSphere-VM.
Q2. Is the tagControl variable passed as an output to the main action flow?
A2. No. The new VM name is passed as an output in outputs.resourceNames[0] = newName; but no output line for tagControl exists.
5. Click SAVE after you have corrected your Bad-Rename-vSphere-VM Action code.
6. Click CLOSE.
Task 6: Test Your Corrected Action by Deploying the Blueprint
You verify that the new action and the new subscription work by deploying the blueprint.
Option Action
4. Click DEPLOY.
Task 7: Verify Your Deployments and Actions
You verify that the new action and the new subscription work by deploying the blueprint.
• Bad-Flow
• Bad-Rename-vSphere-VM
• Bad-Tag-VMs-with-Tags-Object
• Dump-the-Payload.
3. Click the first (lower) Bad-Flow action to open the earliest action flow run that is associated
with your Trouble-Shooting3 deployment.
4. Verify that the right pane shows your timeline of the called actions.
5. Click Details and verify that the original tags are empty and the new Outputs tags are
vRA5 and ABX5.
8. Click the Centos-Trouble3 VM in Lab-VMs and verify that the VM deployed in Lab-VMs has
the correct tags assigned.
Task 8: Delete the Deployments to Save the Lab Resources
You delete all your deployments to save the lab resources.
Lab 20 Build a Deployment in Kubernetes
Task 1: Build a Simple Container
You log in to the Kubernetes primary node to find the templates folder and deploy a basic
Kubernetes container.
The current version of Kubernetes is installed. You can see the available commands or API
versions. The API versions correlate to the available API versions in the YAML code.
The proxy server is operational. The proxy service starts in a few minutes.
You can double-click the k8s-master server to open another tab and continue with the
second tab in the MTPuTTY window.
9. Enter cd /etc/kubernetes/templates.
A pod is created based on the YAML code in the file. This command runs the create command
against the kuard-pod.yaml file, which defines a Linux system running a demo
application called Kubernetes up and running demo.
12. Verify the container name and container port in the YAML file.
The port is available externally. You must know the pod name and port.
Task 2: Expose the Container to the Cluster IP
You add a port service to the container to expose the web port to the cluster.
The service file to create an external connection to the 8080 port is created. The label is set
for kuard. So, this service attaches itself to any system that has the name kuard in the pod.
The available networking services in all namespaces appear. The kuard service, with the port
8080 and a cluster IP, appears.
4. Delete the service and pod to combine to a single deployment in the next task.
Task 3: Create a Single Deployment
You combine the two files to a single file. You can join multiple machines, services, and resources
to a single deployment for practical applications.
4. Press Enter, enter three minus signs, and press Enter again to separate the first file from the
second.
7. Paste the text into the Notepad++ file under the ---.
8. Select all text to copy from the Notepad++ file.
Task 4: Deploy the Pod and Service
You deploy and verify the configuration.
You can leave the MTPuTTY window open for the next lab.
Lab 21 Deploying a Load Balanced Deployment in Kubernetes
Task 1: Create a Replica Set of Multiple Pods
You deploy a multimachine replica set to a Kubernetes cluster.
3. Enter cd /etc/kubernetes/templates.
4. Enter nano apache-deployment.yaml to open a text file and enter data.
Setting Value
apiVersion apps/v1
kind Deployment
name apache
run apache
replicas 1
run apache
image k8s.gcr.io/php-apache
replica set
- name: apache
  image: k8s.gcr.io/php-apache #sets the image to be replicated
  ports:
  - containerPort: 80
6. Create a load balancer after the replica set to create an inbuilt load balancer and hit any
nodes in the replica set.
Setting Value
apiVersion v1
kind Service
name apache
namespace lab-demo
port 80
targetPort 80
type LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  name: apache
  namespace: lab-demo
spec:
  selector:
    app: apache
  ports:
  - port: 80
    targetPort: 80
  type: LoadBalancer
7. Press Ctrl+X to exit the nano application.
Task 2: Deploy and Verify the Replica Set
You deploy and verify the services in the Apache replica set.
You must not use virtual machine snapshots as a virtual machine backup strategy.
A message that you must use apply only on created resources appears.
The number of replicas that appear are one-third or more depending on the speed.
Lab 22 Using vRealize Automation Code Stream to Deploy a Basic Container
Task 1: Create a Kubernetes Namespace
Your pipeline creates a container in Kubernetes. It needs a Kubernetes namespace that is already
created before it runs.
5. If the lab-demo namespace does not exist, enter kubectl create namespace lab-demo.
Task 2: Set Up the Pipeline
You create the pipeline and set up a stage.
a. Start Chrome.
If Chrome is already running but a tab logged into vRealize Automation Code Stream is
not open, open a new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
f. Click Code Stream.
2. Click Continue at the bottom of the Code Stream Guided Setup Diagram if it appears.
NOTE
Observe that the configuration already has a security token assigned to the Kubernetes
configuration. If you want information on the RBAC configuration, the configuration yaml files
are contained in /etc/kubernetes/rbac/ in the sa-k8s-master node. You can access the files
and use kubectl describe secrets to access the security token for the admin
account created from the files.
5. Click CANCEL.
7. Click the + New Pipeline option from the top of the screen.
13. Click the +Stage box to create a base stage.
14. Enter Container Build in the Stage name text box in the right pane.
15. Click + Sequential Task in the Container Build stage to add the first element to the stage.
NOTE
This template is a skeleton file. The YAML formatting is intact to simplify the build.
Task 3: Set Up Parameters for the Pod
You fill out the template and set up inputs to customize the deployment.
1. Click the Input tab above the Container Build stage in the left pane.
2. Click ADD.
8. Click OK.
11. Click the Model tab to enter the graphical pipeline view.
The screen opens back up to the last object selected, so you do not have to select the
Build Kuard task.
12. Use the following screenshot to guide you on the changes needed inside the local YAML file.
14. In the YAML definition text box, enter Pod to the right of kind:.
15. In the YAML definition text box, enter ${input.Name} to the right of name: under
metadata:.
This property allows the user to enter the input Name into the name of the container.
16. In the YAML definition text box, enter ${input.Namespace} to the right of
namespace:.
17. In the YAML definition text box, enter kuard to the right of app:.
19. In the YAML definition text box, enter ${input.Name} to the right of name: under spec:.
Task 4: Set Up Parameters for the Network Service
You fill the service-template.yaml and set up inputs to customize the deployment.
1. Click the + Sequential Task in the Container Build stage in the left pane.
2. Enter Expose 8080 in the Task name text box in the right pane.
9. Use the following screenshot to guide you on the changes needed inside the Local YAML
file.
This is the final version of the YAML.
12. In the YAML definition text box, enter ${input.Name} to the right of name: under
metadata:.
13. In the YAML definition text box, enter ${input.Namespace} to the right of
namespace:.
14. Enter run: kuard to replace app:.
This selects any containers with a label of kuard and opens port 8080 in the container.
Task 5: Deploy the Container
You deploy the pipeline to create the container.
A green bar across the top appears. If any errors occur, follow the instructions to resolve them.
The properties are case-sensitive.
3. Click CLOSE.
NOTE
Be careful with the close button. If you do not save before closing, the screen reverts all
changes to their previous version.
4. Select Enable from the ACTIONS drop-down menu on the Kubernetes Pod catalog card.
5. Click RUN.
IMPORTANT
It is critical that the name is all in lowercase. The vRealize Automation Code Stream
execution fails if it is not.
Keep spaces, special characters, and capital letters out of container names because
commands are based on CLI and spaces delineate new objects.
7. Click RUN.
8. Click Executions to see the container run in action. The build should run fairly quickly,
taking about 1 minute.
9. You should see the execution run, and then end with a COMPLETED status.
Task 6: Verify Your Container Creation
You verify the creation of a container in Kubernetes.
Lab 23 Using vRealize Automation Code Stream to Build a Replica Set Container with a Load Balancer
Task 1: Create a Kubernetes Namespace
Your pipeline creates a container in Kubernetes. It needs a Kubernetes namespace that is already
created before it runs.
5. If the web namespace does not exist, enter kubectl create namespace web.
Task 2: Set Up the Pipeline
You create the pipeline and set up a stage.
a. Start Chrome.
If Chrome is already running but a tab logged into Orchestrator is not open, open a new
tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
f. Click Code Stream.
2. Click Continue at the bottom of the Code Stream Guided Setup Diagram if it appears.
4. Click the + New Pipeline option from the top of the screen.
11. Enter Container Build in the Stage name text box in the right pane.
Task 3: Set up Parameters for the Pod
You set up the parameters for the pod.
1. Click the Input tab above the Container Build stage in the left pane.
2. Click ADD.
3. You are creating these inputs. Look at this screen carefully. It is confusing that you have an
input whose "name" is "Name".
Name Value
Name Name
Value onenode
Name Value
Name Namespace
Value web
6. Enter the NumberReplicas input:
Name Value
Name NumberReplicas
Value 1
NOTE
Ignore the warning message that the Stage Container Build does not have any task yet. You
create that task next.
Task 4: Configure the Build Namespace Task
You configure the Build Namespace task.
2. Click + Sequential Task in the Container Build stage to add the first element to the stage.
NOTE
This is the same as using the kubectl create command on the Kubernetes server.
11. Navigate to C:\Materials\Blueprints\ and select Build Namespace.yaml and click Open.
NOTE
This template is a skeleton file. The YAML formatting is intact to simplify the build.
Task 5: Configure the Build Namespace Local YAML File
You configure the Build Namespace Local YAML file.
2. Use the following screenshot to guide you on the changes needed inside the Local YAML
file. This is the final version of the YAML.
apiVersion: v1
kind: Namespace
metadata:
  name: ${input.Namespace}
  labels:
    name: ${input.Namespace}
IMPORTANT
Make sure there is a single blank space between any colon (:) in YAML and the value
following it. For example, the metadata > name: line is name: ${input.Namespace},
not name:${input.Namespace}. If you do not include this single blank space, your
pipeline still passes the VALIDATE TASK test, but the pipeline does not work.
3. Verify your Build Namespace task settings.
5. Click SAVE.
1. Click the +Stage icon to add a new stage under the Container Build stage.
2. Enter Build Replica Set in the Stage name text box in the right pane.
Task 7: Build the Build Replica Set Task
You build the Build Replica Set task, which installs replicas of Apache as a Kubernetes pod.
This is the same as using the kubectl create command on the Kubernetes server.
10. Click VALIDATE TASK and correct any errors.
Task 8: Build the Build Services Stage
You build the Build Services stage.
1. Click the +Stage icon to add a new stage under the Build Replica Set stage.
2. Enter Build Services in the Stage name text box in the right pane.
Task 9: Configure the Expose 80 Task
You configure the Expose 80 task.
1. Click + Sequential Task in the Build Services stage to add the first element to the stage.
This is the same as using the kubectl create command on the Kubernetes server.
Task 10: Create the Update Load Balancer Task
You create and configure the Update Load Balancer task.
1. Click + Sequential Task to the right of Expose 80 in the Build Services stage to add the
second element to the stage.
${input.NumberReplicas} > 1
This updates the load balancer if more than one replica is created.
11. Verify that your Update Load Balancer task is correctly configured.
Task 11: Verify Your Pipeline
Verify that your pipeline is correctly configured.
3. Verify that the Build Replica Set task is correctly configured:
4. Verify that the Expose 80 task is correctly configured:
5. Verify that the Update Load Balancer task is correctly configured:
6. Click SAVE.
7. Click CLOSE.
Task 12: Deploy the Container
1. Select Enable from the ACTIONS drop-down menu on the Replica-Set-with-Network-Service
catalog card.
2. Click RUN.
IMPORTANT
It is critical that the name is all in lowercase. The vRealize Automation Code Stream
execution fails if it is not.
Keep spaces, special characters, and capital letters out of container names because
commands are based on CLI and spaces delineate new objects.
6. Click RUN.
7. Click Executions to see the container run in action. The build should run fairly quickly,
taking about 1 minute.
8. You should see the execution run, and then end with a COMPLETED status.
Task 13: Verify Your Container Creation with One Pod
You verify the creation of a container in Kubernetes with a single pod.
2. Click Pipelines.
IMPORTANT
It is critical that the name be all in lowercase. The vRealize Automation Code Stream
execution fails if it is not.
Keep spaces, special characters, and capital letters out of container names because
commands are based on CLI and spaces delineate new objects.
7. Click RUN.
You should see the execution run end with a COMPLETED status.
Task 15: Verify Your Container Creation With Two Pods
You verify the creation of a container in Kubernetes with two pods.
NOTE
You see the single deployment for onenode and two deployments for twonodes.
Lab 24 Calling Cloud Assembly and vRealize Orchestrator from vRealize Automation Code Stream
5. (Optional) Upload a YAML Blueprint That Deploys an Ubuntu Server with a Static IP Address
Task 1: (Optional) Prepare Your PowerShell Host
You use PowerShell to run a command that adds a DNS entry to the DNS host. To simplify the
connection of vRealize Orchestrator to PowerShell, you must first open security on the
PowerShell host.
NOTE
If you have configured the dc.vclass.local PowerShell host to communicate with vRealize
Orchestrator in a previous lab, you can skip this task.
2. Double-click DC (vclass.local).
You must enter {} and not parentheses with the Basic="true" parameter.
Unencrypted communications indicate that vRealize Orchestrator can use the HTTP protocol
instead of HTTPS to communicate with the PowerShell host. Encrypted communications
require an exchange of valid digital certificates.
You must enter braces {} and not parentheses with the Basic="true" parameter.
Unencrypted communications indicate that vRealize Orchestrator can use the HTTP protocol
instead of HTTPS to communicate with the PowerShell host. Encrypted communications
require an exchange of valid digital certificates.
Task 2: (Optional) Connect Your PowerShell Endpoint in vRealize Orchestrator
You connect vRealize Orchestrator to the PowerShell host so that workflows can run PowerShell
commands.
NOTE
Use this step only if you do not have two browser tabs that are currently logged in to
vRealize Orchestrator and Cloud Assembly.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
j. Click Orchestrator.
Two filters are created. The Add a PowerShell host workflow appears.
You can click anywhere above the filter text box to remove the third filter text box.
6. Run the workflow.
Option Action
7. After you enter the Name, Host / IP, and Port information, click the User Credentials tab.
Option Action
IMPORTANT
Make sure you use the administrator@vclass.local account and not the
administrator@vsphere.local account. You are connecting to the Windows domain controller.
You do not have to use a domain controller as your PowerShell host. But that is how your
lab environment is configured.
9. Click RUN.
10. Verify that the Add a PowerShell Host workflow runs successfully and ends with a status of
Completed.
11. If your workflow run fails, click RUN AGAIN and verify your inputs.
Task 3: Import a vRealize Orchestrator Package
You import a vRealize Orchestrator package. The workflow in this package adds a DNS entry to
the DNS server.
5. Click IMPORT.
7. Click OPEN on the vRA-Add-DNS catalog card to open the workflow for editing.
8. Click Variables.
9. Click Host.
12. Click SELECT and click SAVE.
16. Click SAVE to answer Do you want to save the changes you made?
Task 4: Tag Your vRealize Orchestrator Workflow
You tag a vRealize Orchestrator workflow so that vRealize Automation Code Stream can use it.
NOTE
You must run the Tag workflow workflow on any workflows that you plan to use in vRealize
Automation Code Stream.
4. Enter DNS in the Tagged workflow text box and click vRA-Add-DNS-CS.
9. Click RUN.
Task 5: (Optional) Upload a YAML Blueprint That Deploys an Ubuntu Server with a Static IP Address
Upload a YAML blueprint that deploys an Ubuntu Server with a static IP address.
NOTE
If you have already imported the Ubuntu-Static-IP blueprint, you can skip this task.
1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.
IMPORTANT
Verify that you log in to the vRA-Standard system, not the vRA-Clustered system.
a. Open Chrome.
If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.
e. Log in with the ENG-CA-Admin user account and VMware1! as the password.
Option Action
Task 6: Release Your Blueprint
You release the blueprint you imported.
4. Click VERSION.
7. Click CLOSE.
Task 7: Add a vRealize Orchestrator Endpoint to vRealize Automation Code Stream
You add a vRealize Orchestrator endpoint to vRealize Automation Code Stream.
1. (Optional) Log in to vRealize Automation Code Stream and the vSphere Client.
Use this step only if you do not have browser tabs that are logged in to vRealize Automation
Code Stream and the vSphere Client.
a. Start Chrome and open a new tab for vRealize Automation Code Stream.
If Chrome is already running, but a tab logged in to vRealize Automation Code Stream is
not open, open a new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
g. (Optional) If you do not have a Chrome browser tab that is logged in to the vSphere
Client, open a new browser tab and go to Infrastructure > vSphere Client (SA-VCSA-01).
3. Click Endpoints.
11. Enter VMware1! in the Password text box and click VALIDATE.
Task 8: Set Up the Pipeline
You create the pipeline and set up a stage.
2. Click the + NEW PIPELINE option from the top of the screen.
9. Enter Deploy VM and add IP to DNS in the Stage name text box in the right
pane.
Task 9: Configure Inputs for the Pipeline
You set up the inputs for the pipeline.
1. Click the Input tab above the Deploy VM and add IP to DNS stage in the left pane.
2. Click ADD.
Name Value
Name hostname1
Value UbuntuServer
IMPORTANT
These input variable names are case-sensitive and must match exactly what is used in the
YAML blueprint and the vRealize Orchestrator workflow.
Name Value
Name ipaddress
Value 172.20.11.175
6. Enter the DeploymentName input:
Name Value
Name DeploymentName
Value Ubuntu-Server-CS
NOTE
Ignore the warning message that the Stage Container Build does not have any task yet. You
create that task next.
Task 10: Configure the Deploy VM Task
You configure the Deploy VM task.
2. Click + Sequential Task in the Deploy VM and add IP to DNS stage to add the first element
to the stage.
9. Click input.
13. Click Ubuntu-Static-IPv1 from the Select Blueprint Version drop-down menu.
14. Observe that the input parameters defined in the blueprint appear, including any default
values set in the blueprint. These are not the default values from the Pipeline Inputs.
17. Verify that your input parameters are correct.
Task 11: Configure the Add IP to DNS Task
You create and configure the Add IP to DNS task.
1. Click + Sequential Task to the right of Deploy VM in the Deploy VM and add IP to DNS
stage to add the second element to the stage.
6. Select Embedded vRO from the Select vRO Endpoint drop-down menu.
NOTE
The ipaddress and hostname1 inputs are defined in the vRA-Add-DNS-CS workflow. vRealize
Automation Code Stream knows that the workflow needs these inputs from somewhere.
By placing these $variables into the ipaddress and hostname1 text boxes, you hand the
vRealize Orchestrator workflow these inputs that have been defined in vRealize Automation
Code Stream.
10. Verify that your Add IP to DNS task is correctly configured.
13. Select Enable from the ACTIONS drop-down menu on the Deploy VM and Add IP to DNS.
Task 12: Run the Pipeline
You run the pipeline and troubleshoot an error.
5. Examine the FAILED pipeline execution report.
The graphic at the top is the name of the Pipeline stage with each task in the stage listed.
The Deploy VM task has a red X icon.
7. Read the Status message carefully.
inputs:
  hostname1:
    type: string
    title: Enter your hostname
    default: UbuntuStatic
    description: This will be the internal DNS hostname of the machine
  ipaddress:
    type: string
    title: Enter your IP address range 172.20.11.180-199
    pattern: '172.20.11.[1][8-9][0-9]'
    description: This will be the IP address. The IP address should be between 172.20.11.180 and 172.20.11.199.
    default: 172.20.11.185
Q1. What is the problem?
A1. The YAML blueprint has a pattern that forces input values to be in the 172.20.11.180 - 172.20.11.199 range. You ran the pipeline with the default inputs. The default IP in the pipeline is set to 172.20.11.175, which is outside the allowed range.
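The following check is an added example, not part of the lab or of VMware's code. It applies the blueprint's pattern to the two IP values from the lab and to two constructed strings, and compares it with an escaped pattern and a numeric range check. STRICT_PATTERN and in_allowed_range are additions made here, and whether the platform applies the pattern to the whole string or to a substring is an assumption, so both modes are shown.

```python
import ipaddress
import re

BLUEPRINT_PATTERN = r"172.20.11.[1][8-9][0-9]"  # copied from the blueprint input
STRICT_PATTERN = r"172\.20\.11\.1[89][0-9]"     # added here: dots are literal

# Range stated in the blueprint's description field.
LOW = ipaddress.IPv4Address("172.20.11.180")
HIGH = ipaddress.IPv4Address("172.20.11.199")


def matches(pattern, value, anchored=True):
    """Apply a pattern to the whole value (anchored) or to any substring."""
    test = re.fullmatch if anchored else re.search
    return test(pattern, value) is not None


def in_allowed_range(value):
    """Semantic check: value parses as IPv4 and lies between LOW and HIGH."""
    try:
        address = ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return LOW <= address <= HIGH


# The first two values come from the lab text; the last two are constructed.
CANDIDATES = [
    "172.20.11.175",   # pipeline default that made the Deploy VM task fail
    "172.20.11.185",   # blueprint default
    "172x20y11z185",   # not an address: an unescaped dot matches any character
    "172.20.11.1855",  # extra digit: rejected only when the match is anchored
]


def report(values):
    """Return one row per value with the verdict of every check."""
    rows = []
    for value in values:
        rows.append({
            "value": value,
            "blueprint_anchored": matches(BLUEPRINT_PATTERN, value),
            "blueprint_unanchored": matches(BLUEPRINT_PATTERN, value, anchored=False),
            "strict_anchored": matches(STRICT_PATTERN, value),
            "in_range": in_allowed_range(value),
        })
    return rows


if __name__ == "__main__":
    for row in report(CANDIDATES):
        print(row)
```

Running the same check against pipeline input defaults before a pipeline is enabled catches the 172.20.11.175 mismatch without a failed execution.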
Task 13: Rerun the Pipeline
1. Click Re-run from the ACTIONS drop-down menu.
4. When the pipeline is running, click the Cloud Assembly tab and go to the Deployments menu
to monitor the deployment.
8. Verify that your most recent workflow run is the vRA-ADD-DNS-CS workflow and that it
completed successfully.
9. Use the Remote Desktop Connection Manager to log in to the Domain Controller
(dc.vclass.local).
10. Use the DNS Manager icon on the dc.vclass.local toolbar to open the DNS Manager.
11. Expand the vclass.local forward lookup zone and verify that the UbuntuServer host name
with the 172.20.11.188 IP address exists.
Click the refresh icon in the DNS Manager view to view the new DNS entry.
14. (Optional) Return to Code Stream and correct the default value for the ipaddress input and
update the description in the Deploy VM and Add IP to DNS pipeline.
Make sure that users enter the IP addresses in the range 172.20.11.180-172.20.11.199, as
specified in the YAML blueprint.
Lab 25 Configuring the GitLab Repository
Task 1: Configure GitLab
You configure the user, token, and create a project in GitLab.
1. Open Chrome.
GitLab is already installed on CentOS v8. If you want to know how to install GitLab, see
https://about.gitlab.com/install/#centos-8.
• Password: VMware1!
The administrator account is the root user name that you logged in with.
• Email: gitlab-admin@vclass.local
Option Action
14. Click Create project.
15. Click the icon in the top-right corner of the GitLab console and click Settings.
Option Action
You need the token for the GitLab integration in the next lab.
Task 2: Configure the GitLab Repository
You create directories in the repository and import the blueprints to the respective directories.
Option Action
c. Select blueprint.yaml.
d. Click Open.
Option Action
10. Upload the C:\Materials\GitLab-Blueprints\VMW-ENG-CentOS\blueprint.yaml file.
Option Action
Verify that the name: and version: properties are at the beginning of the blueprint code
and have the appropriate values.
15. Log out from the GitLab console in the top-right corner.
Lab 26 Integrating GitLab with vRealize Automation
Task 1: Create GitLab Integration
You create GitLab integration in vRealize Automation and add a content source.
1. Open Chrome.
• Password: VMware1!
Option Action
Description Enter GitLab CE Edition for vRA Blueprints in the text box.
Token Enter the token you copied from the previous lab.
15. In the Add Project window, select VMW-ENG vRealize Automation project and click NEXT.
16. Configure the content source.
Option Action
You can verify that the three blueprints that GitLab uses for source control appear.
23. Leave the Cloud Assembly console open for the next task.
Task 2: Modify the Blueprints in GitLab
You modify the blueprints in GitLab to create versions and verify the synchronization in Cloud
Assembly.
1. Open Chrome.
• Password: VMware1!
16. Select number 1 from the drop-down menu in the Diff tab.
You verify that the changes that you made to this blueprint from GitLab are available.
17. Log out of the vRealize Automation console in the top-right corner.
Lab 27 Configuring and Using Ansible
1. Configure Ansible
2. Create a Playbook
Task 1: Configure Ansible
You configure Ansible.
Use this step only if you do not have two browser tabs that are logged in to the vSphere
Client and Cloud Assembly.
a. Start Chrome and open a new tab for the vSphere Client.
If Chrome is already running, but a tab logged in to vSphere Client is not open, open a
new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
i. Log in with the administrator@vsphere.local user account and the VMware1! password.
6. Deploy a new virtual machine.
Option Action
Clone options Select Customize the operating system and Power on virtual
machine after creation.
7. Open MTPuTTY from the start bar and open a session to SA-Ansible.
NOTE
You can press CTRL-W in the nano editor to search for a string. This might be easier than
scrolling through the file and looking for your text.
Deleting the # uncomments this line, which turns off Ansible host-key checking. Ansible
host-key checking prevents Ansible from connecting to a host that it has never connected to
before (the system's certificate is not cached). If you deploy a new virtual machine from
vRealize Automation and you want Ansible to configure it, turn off the host-key checking.
11. Scroll down and find the #vault_password_file = line.
NOTE
Many Linux services require you to restart the service after you change the configuration file.
This is not true with Ansible. The changes that you made take effect immediately.
17. Verify that the Ansible-Test virtual machine has been deployed and powered on.
19. Return to the MTPuTTY session that is connected to the SA-Ansible virtual machine.
20. Enter nano hosts to use the nano editor to open /etc/ansible/hosts.
23. Delete the lines with the other ## servers defined under [webservers] (##
alpha.example.org, ## beta.example.org, ## 192.168.1.100, ## 192.168.1.110).
24. Do not delete any of the other defined groups ([nginxWebServers], [dbservers],
[roletargets], and so on.)
25. Add an entry that matches the IP address of the Ansible-Test virtual machine (172.20.11.xxx)
under the [webservers] group.
27. Press Ctrl+X and enter Y to exit the nano editor and save the file.
Task 2: Create a Playbook
You create a playbook to install the Apache web server.
1. Use the Notepad++ editor to open the C:\Materials\Ansible\apache.yml text file. Verify that
this file contains the following code.
---
- name: Apache
  hosts: webservers
  remote_user: vmuser
  become: yes
  become_method: sudo
  become_user: root
  vars:
    http_port: 80
    max_clients: 10
    ansible_become_pass: VMware1!
  tasks:
    - name: open firewall
      firewalld:
        service: http
        permanent: yes
        state: enabled
        immediate: yes
    - name: install apache
      yum:
        name: httpd
        state: latest
    - name: ensure apache is running
      service:
        name: httpd
        state: started
Your apache playbook contains the following:
• The playbook begins with a play named Apache. This play is applied to computers in the
webservers inventory group.
• The vmuser user account is used by the Ansible server to log in using SSH to the virtual
machine. The password must be communicated when you run the playbook.
• The Ansible server becomes root by using the sudo command because root powers are required.
• Variables are defined to specify the HTTP port for Apache, the maximum connections
that the web server allows, and the password that Ansible must use with the sudo
command to become root.
The first task opens the firewall to allow outside connections to connect to the
webserver.
The second task uses yum to install the Apache web server. If this playbook was
for an Ubuntu machine, the module used to install Apache is apt. Different
playbooks are required for different operating systems.
The third task verifies that the Apache web server is running.
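The lab's ansible.cfg change (host-key checking turned off) and the playbook's ansible_become_pass variable are both settings worth finding before the same files are reused outside an isolated lab. The audit below is an added example, not code from the lab or from the Ansible project; the sample file contents are constructed to mirror the lab, and vault_become_pass is a hypothetical variable name.

```python
import configparser
import re

# Constructed samples that mirror the lab's ansible.cfg edit and apache.yml.
SAMPLE_CFG = """\
[defaults]
#inventory = /etc/ansible/hosts
host_key_checking = False
#vault_password_file = /path/to/vault_password_file
"""

SAMPLE_PLAYBOOK = """\
---
- name: Apache
  hosts: webservers
  remote_user: vmuser
  become: yes
  vars:
    http_port: 80
    ansible_become_pass: VMware1!
  tasks:
    - name: install apache
      yum:
        name: httpd
        state: latest
"""

# Same play with the literal replaced by a reference to a vaulted variable.
# vault_become_pass is a hypothetical name chosen for this example.
HARDENED_PLAYBOOK = SAMPLE_PLAYBOOK.replace(
    "ansible_become_pass: VMware1!",
    'ansible_become_pass: "{{ vault_become_pass }}"',
)

# Connection and privilege-escalation variables that hold passwords.
SECRET_VARS = ("ansible_become_pass", "ansible_become_password",
               "ansible_ssh_pass", "ansible_password")
KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([A-Za-z_]\w*)\s*:\s*(.*?)\s*$")


def host_key_checking_disabled(cfg_text):
    """True when an uncommented host_key_checking in [defaults] is false."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(cfg_text)
    try:
        # A commented-out or absent option falls back to the default (on).
        return not parser.getboolean("defaults", "host_key_checking", fallback=True)
    except ValueError:
        return False  # unrecognised value: do not report it as disabled


def plaintext_secrets(playbook_text):
    """Return (line_number, variable) for password variables set to a literal."""
    findings = []
    for number, line in enumerate(playbook_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        match = KEY_VALUE.match(line)
        if not match or match.group(1) not in SECRET_VARS:
            continue
        value = match.group(2).strip("'\"")
        # A vault-encrypted scalar or a Jinja2 reference is not a literal.
        if value == "" or value.startswith("!vault") or value.startswith("{{"):
            continue
        findings.append((number, match.group(1)))  # the value is never echoed
    return findings


def audit(cfg_text, playbook_text):
    """Collect human-readable findings for both files."""
    findings = []
    if host_key_checking_disabled(cfg_text):
        findings.append("ansible.cfg: host_key_checking is off; new hosts are "
                        "accepted without verifying their SSH host key")
    for number, name in plaintext_secrets(playbook_text):
        findings.append(f"playbook line {number}: {name} is a plaintext literal")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG, SAMPLE_PLAYBOOK):
        print(finding)
```

Supplying the sudo password at run time with --ask-become-pass, or storing it encrypted with ansible-vault, removes the literal from the playbook file.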
2. Close the Notepad++ text editor without making any changes to the apache.yml
playbook.
3. Click the Windows icon on your student desktop taskbar and start the WinSCP program.
NOTE
If you see a warning message about a directory that does not exist, click OK.
7. Click the apache.yml file in the left pane and click Upload.
Task 3: Install Software with Ansible
You use Ansible and your new playbook to install Apache on the web servers defined in the
inventory.
The -u parameter specifies the user account that Ansible must use to connect to the
servers it configures. The -k parameter causes the ansible-playbook command to
ask for the password. To find all parameters and options in the ansible-playbook
command, you enter ansible-playbook --help.
• Gathering Facts
• open firewall
• install apache
• ensure apache is running
The Gathering Facts task is done automatically for all playbooks unless you override it. The
other three tasks are the tasks you define.
The tasks that were correct, changed, unreachable, failed, skipped, rescued, or ignored
appear.
6. Use the up arrow to run the ansible-playbook command a second time.
As these changes have already been made on the system, each task returns an OK status
without making any changes. You can use Ansible to correct the configuration of systems.
Task 4: Verify That Apache Is Installed Successfully
You verify that Apache is installed successfully.
Task 5: Delete the Virtual Machine to Save the Lab Resources
You delete the virtual machine to save the lab resources.
2. Right-click the Ansible-Test virtual machine and click Power > Power Off.
4. Right-click the Ansible-Test virtual machine and click Remove from Inventory.
This prevents Ansible from trying to reinstall apache on the virtual machine that no longer
exists.
Lab 28 Deploying Apache Using Ansible and vRealize Automation
Task 1: Connect to the Ansible Server
You connect vRealize Automation to your Ansible server.
Use this step only if you do not have two browser tabs that are logged in to the vSphere
Client and Cloud Assembly.
a. Start Chrome and open a new tab for the vSphere Client.
If Chrome is already running, but a tab logged in to vSphere Client is not open, open a
new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
i. Log in with the administrator@vsphere.local user account and the VMware1! password.
Best practice is not to use the root account for the integration connection in any production
environment.
10. Verify that Use sudo commands for this user is not selected.
If you use the root account to connect to Ansible Control Machine and select use sudo, the
deployments fail.
12. Enter VMware1! in the Encryption text box.
15. After the Credentials validated successfully message appears, click ADD.
Task 2: Create an Ansible Blueprint
You create a blueprint that uses Ansible.
5. Select Current Draft in the Version drop-down menu and click CLONE.
7. Scroll the left Resource pane down to Configuration Management > Ansible.
8. Click the Ansible resource type and drag it onto the design canvas above the
Cloud_vSphere_Machine.
10. Examine the YAML blueprint code. Observe the properties of the Cloud_Ansible_1
component.
NOTE
You can import a blueprint. But this lab gave you a chance to locate the Ansible resource and
see how it connects to a machine.
13. Verify that your YAML blueprint code is correct and examine the changes made to the
Cloud_Ansible_1 resource in the YAML code.
• The user that the SA-Ansible server uses to connect to the target virtual machine is
vmuser. This user must exist in the deployed virtual machine. In this case, the user is
already in the CentOS template. But you can add YAML code to create the user before
Ansible runs the playbook.
• The integration account that vRealize Automation uses is the SA-Ansible account.
Task 3: Test the Ansible Configuration by Deploying the Blueprint
You verify the Ansible configuration and the Ansible blueprint by deploying the blueprint.
1. Select the Ansible-Apache blueprint and deploy the blueprint with the parameters.
9. Verify that the Apache test page appears.
Lab 29 Deploying an Ansible Role
Task 1: Install and View the Ansible Role
You install the Ansible role.
Use this step only if you do not have two browser tabs that are not logged in to the vSphere
Client and Cloud Assembly.
a. Start Chrome and open a new tab for the vSphere Client.
If Chrome is already running, but a tab logged in to vSphere Client is not open, open a
new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
i. Log in with the administrator@vsphere.local user account and the VMware1! password.
2. Click the Windows Start menu on the student desktop and click WinSCP.
3. Connect an SFTP session to sa-ansible.vclass.local with root as the user name and VMware1!
as the password.
If a warning message about adding an unknown server appears, click Yes to continue.
6. Right-click the apache-role.yml file in the left (Windows) pane and click Upload to copy the
apache-role.yml file to /etc/ansible.
7. Double-click the apache-role.yml file (in either pane) and use Notepad++ to examine the file.
---
- name: ApacheRoleCall
  hosts: roletargets
  remote_user: vmuser
  become: yes
  become_method: sudo
  become_user: root
  roles:
    - apache
The apache role is a collection of files and directories in
/etc/ansible/roles/apache. The playbook that calls the role is minimal in size.
These playbooks are also called role playbooks or skeleton playbooks.
9. Click the space at the bottom in the right pane (Linux) to select Linux.
10. Navigate to Files > New > Directory when the right pane (Linux system) is selected.
11. Double-click and open the roles folder in the right pane.
12. Right-click the apache directory in the left pane (Windows) and select Upload.
13. Click OK to copy the apache directory (and all subdirectories and files) to the
/etc/ansible/roles path on SA-Ansible.
14. Double-click and open the apache directory in the left pane (Windows).
You can open each file with Notepad++. Do not modify the files.
• C:\Materials\Ansible\roles\apache\tasks\main.yml
• C:\Materials\Ansible\roles\apache\vars\main.yml
• C:\Materials\Ansible\roles\apache\handlers\main.yml
• C:\Materials\Ansible\roles\apache\files\example.conf
• C:\Materials\Ansible\roles\apache\files\index.html
This set of files and directories is the code required for the Ansible role named apache. This
apache role is equivalent to the apache playbook you ran earlier. The earlier apache
playbook is below. Examine it and compare it to the files and directories in the apache role.
16. Close the WinSCP app and click Yes to end the session without saving the workspace.
Task 2: Create an Ansible Blueprint
You create a blueprint that uses an Ansible role.
6. Select Current Draft in the Version drop-down menu and click CLONE.
playbooks:
  provision:
    - /etc/ansible/apache-role.yml
The syntax for calling an ansible role in a YAML blueprint is the same as the syntax for calling
an ansible playbook. You are calling a different ansible playbook. This playbook uses the
roles directive instead of defining tasks in the playbook.
groups:
  - roletargets
If you do not correct the groups target, the apache-role will not run on the new virtual
machine. The apache-role playbook is looking for members of the [roletargets] group.
10. Verify that your YAML code is correct.
Task 3: Test the Ansible Role by Deploying the Blueprint
You verify the Ansible configuration and the Ansible blueprint by deploying the blueprint.
1. Select the Ansible-Apache-Role blueprint and deploy the blueprint with the parameters.
Your new apache role has a different file for the index.html page. So, your starting webpage
looks different than when you used the apache playbook.
Task 4: Delete the Deployment to Save the Lab Resources
You delete your deployment to save the lab resources.
Lab 30 Troubleshooting Ansible and vRealize Automation
Task 1: Import a Broken Ansible Blueprint and Correct Problems
You import an Ansible blueprint that has problems in the YAML code and in the Ansible playbook,
and you fix the problems.
2. If you are not logged in to Cloud Assembly on the SA-vRA-01 system, log in to Cloud
Assembly.
a. Open Chrome.
If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
6. Before you try to test or deploy your blueprint, check for a frequent problem. Do the groups
in the blueprint match the groups in the hosts file on the Ansible server?
[webservers]
[nginxWebServers]
[dbservers]
[roletargets]
[mysqlbackend]
[masters]
[workers]
7. If you saw a problem with your YAML blueprint groups, correct the problem before you
proceed.
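The group comparison in step 6 can be scripted. The following is an added example, not part of the lab materials: the function names are hypothetical, the inventory sample repeats the group headers listed above, and the blueprint fragment is constructed to show the one-letter mismatch this lab is built around.

```python
import difflib
import re

# Constructed sample: the group headers of the hosts file as listed in step 6.
SAMPLE_HOSTS = """\
[webservers]
[nginxWebServers]
[dbservers]
[roletargets]
[mysqlbackend]
[masters]
[workers]
"""

# Constructed blueprint fragment; only the groups and playbooks keys are used.
SAMPLE_BLUEPRINT = """\
Cloud_Ansible_1:
  properties:
    groups:
      - nginxWebServer
    playbooks:
      provision:
        - /etc/ansible/nginx.yaml
"""

# Matches [group], [group:children] and [group:vars] section headers.
GROUP_HEADER = re.compile(r"^\s*\[([^\]:]+)(?::(?:children|vars))?\]\s*(?:[#;].*)?$")
LIST_ITEM = re.compile(r"-\s*['\"]?([^'\"#]+?)['\"]?\s*(?:#.*)?$")


def inventory_groups(hosts_text):
    """Return the set of group names declared in an INI-style inventory."""
    groups = set()
    for line in hosts_text.splitlines():
        match = GROUP_HEADER.match(line)
        if match:
            groups.add(match.group(1).strip())
    return groups


def blueprint_groups(blueprint_text):
    """Return the items of every block-style 'groups:' list in the blueprint YAML."""
    found, indent = [], None
    for line in blueprint_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        current = len(line) - len(line.lstrip())
        if indent is not None:
            item = LIST_ITEM.match(stripped)
            if item and current >= indent:
                found.append(item.group(1))
                continue
            indent = None  # the list ended on this line
        if stripped == "groups:":
            indent = current
    return found


def check_groups(blueprint_text, hosts_text):
    """Map each blueprint group missing from the inventory to close inventory names."""
    known = inventory_groups(hosts_text)
    problems = {}
    for group in blueprint_groups(blueprint_text):
        if group not in known:  # exact comparison, so a missing 's' is reported
            problems[group] = difflib.get_close_matches(
                group, sorted(known), n=3, cutoff=0.8)
    return problems


if __name__ == "__main__":
    for group, hints in check_groups(SAMPLE_BLUEPRINT, SAMPLE_HOSTS).items():
        print("group %r is not in the hosts file; closest: %s" % (group, hints))
```

An empty result means every group named in the blueprint exists in the hosts file, so the playbook has hosts to run against.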
Task 2: Deploy Your Ansible Blueprint and Correct Problems
You verify that the corrected Ansible blueprint and playbook work by deploying the blueprint.
1. Click the Cloud Assembly tab in the Chrome browser to return to Cloud Assembly.
3. Select the Ansible-NGINX blueprint and deploy the blueprint with the parameters.
6. Record the last four digits of the error directory.
You can use the pointer to select and copy the directory name you need.
You can also record the entire string and enter the
cd <xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx> command.
11. Enter ls to view the log files.
Q3. Ansible always uses SSH to communicate. What user account is the YAML
blueprint trying to use to log into the virtual machine from the Ansible Control Machine?
A3. The vmware user account.
Q4. Does the user account vmware exist? Does the account have the rights to log
in from SSH?
A4. If you open a console to the virtual machine that was deployed, you can confirm that the
vmware user account exists and you can log in with the user account. If you try to use
the MTPuTTY application to connect to the deployed virtual machine using the vmware
user account, the SSH session fails. The vmware user account does not have the rights to
log in from SSH.
13. Correct the problem by changing the YAML blueprint to use the vmuser user account.
Task 3: Redeploy Your Ansible Blueprint and Correct Problems
You verify that the corrected Ansible blueprint works by deploying the blueprint.
1. Select the Ansible-NGINX blueprint and deploy the blueprint with the parameters.
5. Enter the cd /etc/ansible command to change to the Ansible directory on this server.
6. Enter nano nginx.yaml to open the Nginx playbook in the nano editor.
7. Correct the task install nginx code syntax by replacing the semicolon with a colon.
Task 4: Test Your Final Corrected Ansible Blueprint
You verify that the corrected Ansible blueprint and playbook work by deploying the blueprint.
1. Click the Cloud Assembly tab in the Chrome browser to go to Cloud Assembly.
3. Select the Ansible-NGINX blueprint and deploy the blueprint with the parameters.
5. Open a new browser tab and go to the URL of your virtual machine (http://<172.20.11.xxx>).
Lab 31 Deploying vRealize Suite Lifecycle Manager
Task 1: Deploy vRealize Suite Lifecycle Manager
You deploy vRealize Suite Lifecycle Manager using vRealize Easy Installer.
The vRealize Easy Installer ISO is mounted to the CD-ROM of the student desktop.
6. Click Install.
8. Select the check box to accept the license agreement and click NEXT.
9. Specify the vCenter Server details on the Appliance Deployment Target page.
13. Select the check box to enable the Thin Disk Mode.
15. Specify the network configuration details.
Option | Action
Provide NTP Server for the appliance | Enter 172.20.10.10 in the text box.
You deploy the VMware Identity Manager cluster from vRealize Suite Lifecycle Manager.
24. Click NEXT.
You deploy the vRealize Automation cluster from vRealize Suite Lifecycle Manager.
This step takes about 60 minutes. Do not wait. You can proceed with the next lab.
Lab 32 Configuring the NSX-T Data Center Load Balancer
Task 1: Create Load Balancers
You create load balancers for VMware Identity Manager and vRealize Automation.
1. Open Chrome.
• Password: VMware1!VMware1!
You are connecting the Load Balancer to an existing Tier-1 Router already set up by NSX
Administrator.
7. Click SAVE.
9. Click SAVE.
Task 2: Configure Application Profiles
You create application profiles for VMware Identity Manager and vRealize Automation.
An application profile defines the behavior of a particular type of network traffic.
5. Click SAVE.
6. Follow earlier steps to create the application profile for vRealize Automation.
7. Click SAVE.
Task 3: Configure the Persistence Profile
You create the persistence profile for VMware Identity Manager. The persistence profile directs
all related connections to the same server in the pool.
5. Click SAVE.
Task 4: Configure Health Monitors
You create health monitors for VMware Identity Manager and vRealize Automation. The active
health monitor is used to test whether a server is available. The health monitor sends
HTTP/HTTPS requests to monitor the application health.
5. Click the HTTP Response Configuration tab to configure the HTTP response.
Option | Action
HTTP Response Code | Enter 200 in the text box and press Enter.
6. Click APPLY.
7. Click SAVE.
NOTE: Ensure you select HTTP. You use HTTPS for vIDM Monitor.
9. Create the health monitor for vRealize Automation.
11. Click the HTTP Response Configuration tab to configure the HTTP response.
Option | Action
HTTP Response Code | Enter 200 in the text box and press Enter.
Task 5: Configure Server Pools
You create server pools for VMware Identity Manager and vRealize Automation. A server pool
consists of one or more servers that are configured and running the same application.
5. Click ADD MEMBER to add the three VMware Identity Manager nodes.
7. Click APPLY.
8. Click SAVE.
11. Click ADD MEMBER to add the three vRealize Automation nodes.
Task 6: Configure Virtual Servers
You create the virtual server for VMware Identity Manager and vRealize Automation. Virtual
servers receive all the client connections and distribute them among the servers.
4. Click SAVE.
6. Create the virtual server for vRealize Automation.
7. Click SAVE.
Lab 33 Configuring SSL Certificates Using Microsoft CA
Task 1: Generate Certificate Signing Requests
You use vRealize Suite Lifecycle Manager to generate Certificate Signing Requests (CSR) for
VMware Identity Manager and vRealize Automation.
1. Open Chrome.
• Password: VMware1!
4. Click Locker.
7. Click GENERATE.
8. Save the file to C:\Materials\Certs\vIDM directory.
10. Enter these details to generate a certificate signing request for vRealize Automation.
Task 2: Separate the Private Key from the Certificate Signing Request
You edit the CSR and separate the private key files.
3. Copy the entire text from -----BEGIN CERTIFICATE REQUEST----- until
-----END CERTIFICATE REQUEST-----.
4. In the Notepad++ application, click File > New.
7. Enter vIDM.csr as the filename and save the file in the C:\Materials\Certs\vIDM
folder.
9. Copy the entire text from -----BEGIN PRIVATE KEY----- until
-----END PRIVATE KEY-----.
10. In the Notepad++ application, click File > New.
12. Press Enter at the end of text to add an extra empty line.
14. Enter vIDM.key as the filename and save the file in the C:\Materials\Certs\vIDM
folder.
16. Right-click the CSR_lab-vra.vclass.local_EDU.pem file and click Edit with Notepad++.
17. Copy the entire text from -----BEGIN CERTIFICATE REQUEST----- until
-----END CERTIFICATE REQUEST-----.
18. In the Notepad++ application, click File > New.
21. Enter vRA.csr as the filename and save the file in the C:\Materials\Certs\vRA
folder.
23. Copy the entire text from -----BEGIN PRIVATE KEY----- until
-----END PRIVATE KEY-----.
24. In the Notepad++ application, click File > New.
26. Press Enter at the end of text to add an extra empty line.
28. Enter vRA.key as the filename and save the file in the C:\Materials\Certs\vRA
folder.
Task 3: Sign the SSL Certificates Using Microsoft CA
You log in to the Domain Controller, which has the Microsoft Certificate Authority role enabled,
and issue certificates for VMware Identity Manager and vRealize Automation.
c. Click Save.
The root certificate must be available in both the vRA and vIDM folders.
8. Go to the Microsoft Certificate Services window in Chrome and click Home at the top-right
corner.
11. Open the vIDM.csr file in Notepad++ and copy the entire content.
12. Go to Chrome and paste the CSR content in the Base-64-encoded certificate request text
box.
The VMware Template can be created using steps from the KB article:
https://kb.vmware.com/s/article/2112009
15. Select Base 64 encoded and click Download certificate.
c. Click Save.
21. Switch to Chrome and paste the CSR content in the Base-64-encoded certificate request
text box.
c. Click Save.
27. Verify that you have the Root64.cer, vIDM.csr, vIDM.key, and vIDM.cer files.
If any file is missing, verify that you have performed all the earlier tasks correctly.
29. Verify that you have the Root64.cer, vRA.csr, vRA.key, and vRA.cer files.
If any file is missing, verify that you have performed all the earlier tasks correctly.
Task 4: Prepare the PEM Encoded Certificates
You combine the signed certificate, private key, and the root certificate to create the .pem files
for VMware Identity Manager and vRealize Automation.
1. On the student desktop, click the command prompt from the taskbar.
This command combines the VMware Identity Manager certificate, private key, and root
certificate into single .pem file.
This step combines the vRealize Automation certificate, private key, and root certificate to a
single .pem file.
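The manual split in Task 2 and the combination in Task 4 can be checked in code, so that a private key never ends up in the file pasted into the CA web form and the final .pem contains exactly the three expected parts. This is an added example, not part of the lab materials: the function names are hypothetical, the sample blocks are constructed bytes rather than real keys or certificates, and the bundle order (certificate, private key, root certificate) is assumed from the order in which Task 4 lists the parts.

```python
import base64
import os
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY"}


def parse_pem_blocks(text):
    """Return [(label, normalized_pem)] for every PEM block found in text."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Raises ValueError when the body is not clean base64 (truncated paste).
        base64.b64decode("".join(lines), validate=True)
        pem = "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
            label, "\n".join(lines), label)
        blocks.append((label, pem))
    return blocks


def split_csr_and_key(generated):
    """Split the generated file into (csr_pem, key_pem); one of each is required."""
    blocks = parse_pem_blocks(generated)
    csrs = [pem for label, pem in blocks if label == "CERTIFICATE REQUEST"]
    keys = [pem for label, pem in blocks if label in KEY_LABELS]
    if len(csrs) != 1 or len(keys) != 1:
        raise ValueError("expected one CSR and one private key, found %d and %d"
                         % (len(csrs), len(keys)))
    return csrs[0], keys[0]


def only_block(pem_text, allowed, what):
    """Return the single PEM block in pem_text, or fail if the type is wrong."""
    blocks = parse_pem_blocks(pem_text)
    if len(blocks) != 1 or blocks[0][0] not in allowed:
        raise ValueError("%s must hold exactly one block of type %s"
                         % (what, sorted(allowed)))
    return blocks[0][1]


def build_bundle(cert_pem, key_pem, root_pem):
    """Concatenate certificate, private key and root certificate (assumed order)."""
    return (only_block(cert_pem, {"CERTIFICATE"}, "signed certificate")
            + only_block(key_pem, KEY_LABELS, "private key")
            + only_block(root_pem, {"CERTIFICATE"}, "root certificate"))


def write_private(path, pem):
    """Create path with owner-only permissions; refuse to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", newline="\n") as handle:
        handle.write(pem)


def fake_block(label, payload):
    """Build a constructed PEM block from arbitrary bytes (not real key material)."""
    body = base64.encodebytes(payload).decode("ascii")
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (label, body, label)


# Constructed samples standing in for the generated file and the CA downloads.
SAMPLE_GENERATED = (fake_block("CERTIFICATE REQUEST", b"constructed CSR bytes " * 6)
                    + fake_block("PRIVATE KEY", b"constructed key bytes " * 6))
SAMPLE_CERT = fake_block("CERTIFICATE", b"constructed leaf certificate " * 4)
SAMPLE_ROOT = fake_block("CERTIFICATE", b"constructed root certificate " * 4)

if __name__ == "__main__":
    csr, key = split_csr_and_key(SAMPLE_GENERATED)
    bundle = build_bundle(SAMPLE_CERT, key, SAMPLE_ROOT)
    print([label for label, _ in parse_pem_blocks(bundle)])
```

Each part is normalized to end with a newline, which is what the "extra empty line" steps in Task 2 produce by hand. Note that the 0o600 mode passed to write_private is enforced on POSIX systems only.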
Task 5: Import the Certificates to vRealize Suite Lifecycle Manager
You use vRealize Suite Lifecycle Manager to import the .pem files for VMware Identity Manager
and vRealize Automation.
1. Open Chrome.
• Password: VMware1!
4. Click Locker.
5. Click IMPORT.
6. Enter vIDM-Cert in the Name text box.
9. Click IMPORT.
13. Navigate to the C:\Materials\Certs\vRA folder, select the vRA.pem file, and click
Open.
Lab 34 Deploying the VMware Identity Manager Cluster
Task 1: Reduce The Resource Load On the Management Cluster
You power off some virtual machines to increase available resources.
1. Open Chrome.
• Password: VMware1!
6. Right-click the SA-Ansible virtual machine and click Power > Shut Down Guest OS.
7. Right-click the SA-Gitlab virtual machine and click Power > Shut Down Guest OS.
Task 2: Deploy the VMware Identity Manager Cluster
You deploy VMware Identity Manager cluster using the custom SSL certificate.
1. Open Chrome.
• Password: VMware1!
6. Slide the Install Identity Manager switch to the right to Enable to Install/Import Identity
Manager.
Option | Action
Join the VMware Customer Experience Improvement Program | Deselect this option for the lab
If you do not see InstallerPassword in the drop-down menu, create the password "VMware1!"
in the vRealize Suite Lifecycle Manager Locker and use it for the other labs.
If you do not see SA-Datacenter, create the data center with the following information:
vCenter Server=SA-vCSA-01.vclass.local, Username=administrator@vsphere.local, Password=VMware1!
8. Click NEXT.
9. Select the checkbox for VMware Identity Manager in the upper right corner of the catalog
card.
13. Click NEXT.
14. Scroll down and select the I agree to the terms & conditions check box.
a. Expand vRA-Library.
i. Select vidm.
23. Edit the DNS Servers selection.
b. Select DNS-1.
c. Click NEXT.
d. Click FINISH.
26. Use the default setting of OFF for FIPS Compliance Node.
27. Verify that InstallerPassword is selected for Admin Password (Port 443).
29. Enter configadmin in the Default Configuration Admin Username text box.
30. Verify that InstallerPassword is selected for Default Configuration Admin Password.
34. Enter the vidm-secondary-1 details.
b. Review the Manual Checks and select the I have taken care of the manual steps above
and ready to proceed check box.
d. Verify that failed messages do not appear and that you see the message All validations
passed for this environment.
Monitor the VMware Identity Manager cluster create request. This operation might take over
an hour.
NOTE: If you see any errors during deployment, click Retry and Submit the default values in
vRealize Suite Lifecycle Manager.
Task 3: Validate the Deployment
You review the VMware Identity Manager pool status and log in to the console.
1. If you are logged out of vRealize Suite Lifecycle Manager, log in using the credentials.
• User name: admin@local
• Password: VMware1!
Verify that the VMware Identity Manager cluster create operation has completed
successfully.
• Password: VMware1!VMware1!
• Password: VMware1!
You have logged in to the VMware Identity Manager console using the load balancer FQDN.
Lab 35 Deploying the vRealize Automation Cluster
Task 1: Deploy the vRealize Automation Cluster
You deploy the vRealize Automation cluster using custom SSL certificates.
1. Open Chrome.
• Password: VMware1!
Option | Action
Join the VMware Customer Experience Improvement Program | Deselect this option for the lab environment.
7. Click NEXT.
12. Scroll down and select the I agree to the terms & conditions check box.
15. Click VALIDATE.
a. Expand vRA-Library.
i. Select vra.
27. Enter the network details.
b. Select DNS-1.
c. Click NEXT.
d. Click FINISH.
b. Select NTP-1.
c. Click NEXT.
d. Click FINISH.
36. Enter the vrava-primary node details.
41. There will be one failure message. The VMware Identity Manager node size check will fail
with the indication that the VMware Identity Manager node size is too small. Ignore this
message; the VMware Identity Manager node size is acceptable for this lab environment. If
there are any other error messages, go back and resolve them.
Monitor the vRealize Automation cluster create request. This operation might take over an hour.
44. NOTE: If you see any errors during deployment, click Retry and Submit the default values in
vRealize Suite Lifecycle Manager.
Lab 36 Configuring Connector High Availability
2. Create a Directory
Task 1: Join Appliances to Domain
You log in to VMware Identity Manager and join appliances to the Active Directory domain.
1. Open Chrome.
• Password: VMware1!
The configadmin user is the configuration administrator user name that you specify during
installation.
9. Use the earlier steps to join the lab-vidm-02.local appliance to the domain.
10. Use the earlier steps to join the lab-vidm-03.local appliance to the domain.
Task 2: Create a Directory
You create a directory to integrate VMware Identity Manager with the vclass.local Active
Directory.
2. Click Add Directory and select Add Active Directory over LDAP/IWA.
5. In the Add Directory wizard, scroll down and configure the domain settings.
9. Review the required attributes on the Map User Attributes page and click Next.
13. Select the Select All check box to select all the groups from the Finance OU.
IMPORTANT
Do not add users. You can add users to enterprise groups and synchronize the groups.
Task 3: Enable Connector High Availability
You edit the identity provider and add additional connectors to enable high availability.
2. Click WorkspaceIDP__1.
8. Click Save.
Lab 37 Failing Over the VMware Identity Manager Node
Task 1: Review the VMware Identity Manager Cluster Health
You check the cluster health and review the roles assigned to the VMware Identity Manager
cluster nodes.
1. Open Chrome.
• Password: VMware1!
7. Double-click Lab-vIDM-01.
cat /usr/local/etc/pgpool.pwd
9. Select the password and use CTL-C to copy the password into the cut and paste buffer.
su root -c "echo -e '<password>'|/usr/local/bin/pcp_watchdog_info -p 9898 -h localhost -U pgpool"
NOTE
su root -c "echo -e '8f20a13bc339421b86b8de81af588192'|/usr/local/bin/pcp_watchdog_info -p 9898 -h localhost -U pgpool"
Only one of the VMware Identity Manager nodes must be assigned the MASTER role.
12. Obtain the Postgres primary node.
su postgres -c "echo -e '<password>'|/opt/vmware/vpostgres/current/bin/psql -h localhost -p 9999 -U pgpool postgres -c \"show pool_nodes\""
NOTE
Use the same password that you used to determine the master node.
13. Record the IP address for the node that has the PostgreSQL primary role. __________
NOTE
192.168.50.7 Lab-vIDM-01
192.168.50.8 Lab-vIDM-02
192.168.50.9 Lab-vIDM-03
Task 2: Shut Down the Primary Node and Monitor the Cluster
You shut down the primary Workspace ONE Access node and monitor the failover.
192.168.50.7 Lab-vIDM-01
192.168.50.8 Lab-vIDM-02
192.168.50.9 Lab-vIDM-03
shutdown -h now
3. Use SSH to access one of the remaining Workspace ONE Access nodes.
su root -c "echo -e '<password>'|/usr/local/bin/pcp_watchdog_info -p 9898 -h localhost -U pgpool"
5. Obtain the Postgres primary node.
su postgres -c "echo -e 'password'|/opt/vmware/vpostgres/current/bin/psql -h localhost -p 9999 -U pgpool postgres -c \"show pool_nodes\""
The primary role is assigned to a different node.
192.168.50.7 Lab-vIDM-01
192.168.50.8 Lab-vIDM-02
192.168.50.9 Lab-vIDM-03
7. Review the delegate IP address.
8. Leave your SSH session logged into one of the VMware Identity Manager nodes.
c. Click SUBMIT.
The request completes successfully and a notification appears at the top-right corner. If
you do not see the notification, refresh the browser tab.
Leave the vRealize Suite Lifecycle Manager window open for the next task.
Task 3: Power On the Node and Monitor the Cluster
You power on the VMware Identity Manager node and monitor the cluster status.
• Password: VMware1!
4. Power on the VMware Identity Manager node that you shut down earlier.
You might need to wait for 5 minutes for the service to initialize.
5. Return to your session in MTPuTTY that is logged into one of the VMware Identity Manager
nodes.
6. Use the up arrow to repeat the command to obtain the pgpool master.
su root -c "echo -e '<password>'|/usr/local/bin/pcp_watchdog_info -p 9898 -h localhost -U pgpool"
The MASTER and STANDBY roles must be assigned to the respective nodes.
su postgres -c "echo -e '<password>'|/opt/vmware/vpostgres/current/bin/psql -h localhost -p 9999 -U pgpool postgres -c \"show pool_nodes\""
8. Record the primary node. __________
10. If the status of the powered on node is down, use SSH to access the node.
192.168.50.7 Lab-vIDM-01
192.168.50.8 Lab-vIDM-02
192.168.50.9 Lab-vIDM-03
12. Recover the failed node.
c. Click SUBMIT.
The request completes successfully and a notification appears at the top-right corner. If
you do not see the notification, refresh the browser tab.
20. Log out of vRealize Suite Lifecycle Manager and close the browser tab.
21. Exit all the SSH sessions and close the MTPuTTY application.
Lab 38 Reviewing the vRealize Automation Cluster
Task 1: View the Cluster Status
You view the vRealize Automation cluster status from the load balancer and the command line.
1. Open Chrome.
• Password: VMware1!VMware1!
• Overall status
• Operational status
8. Log out of NSX Policy Manager and close the Chrome tab.
Task 2: View the Kubernetes Core Services
You view the core (first boot) services that Kubernetes includes in the vRealize Automation
appliance.
1. If you are logged out of the MTPuTTY session, double-click the Lab-vRA-01 server.
ifconfig | less
3. Enter q to exit from the list.
Task 3: View the vRealize Automation Services and Pods
You view the Kubernetes services that vRealize Automation includes.
1. If you are logged out of the MTPuTTY session, double-click the Lab-vRA-01 server.
Lab 39 Failing Over the vRealize Automation Node
Task 1: Shut Down the Primary Node and Monitor the Cluster
You shut down the primary vRealize Automation node and monitor the failover.
2. Double-click Lab-vRA-01.
shutdown -h now
5. SSH to the Lab-vRA-02 node.
vracli status
The primary vRealize Automation node could be postgres-1, which correlates to the
Lab-vRA-02 VM. It is possible that the primary node is postgres-2, which correlates to the
Lab-vRA-03 VM.
7. Open Chrome.
• Password: VMware1!
16. Create a vCenter Server cloud account.
17. Leave the Chrome tab open for the next task.
You added a cloud account to demonstrate that vRealize Automation cluster can manage
one node failure.
Lab 40 Troubleshooting Scenario: Correct a Blueprint from a YAML File
1. If you are not logged in to Cloud Assembly on the vRA-Standard system, log in to Cloud
Assembly.
IMPORTANT
a. Open Chrome.
If Chrome is already running but the Cloud Assembly tab is not open, open a new tab.
NOTE
If you see a Your connection is not private warning, click Advanced and click Proceed
to sa-vra-01.vclass.local (unsafe).
NOTE
If you see a Your connection is not private warning, click Advanced and click Proceed
to sa-vidm-01.vclass.local (unsafe).
d. Verify that the vclass.local domain is selected and click Next.
e. Log in with the ENG-CA-Admin user account and the VMware1! password.
3. Click Blueprints.
4. Click UPLOAD.
8. Click the No file chosen text to open the file navigation window.
a. Navigate to C:\Materials\blueprints.
c. Click Open.
9. Click UPLOAD.
Task 2: Overview of Troubleshooting Techniques
1. Validate the blueprint using the VALIDATE button.
a. The validation system guides you to the first issue in the YAML file from top to bottom.
You must validate multiple times to find all the issues.
c. What objects are called and what are the tags associated to the objects. Do they
correspond to the correct networks?
2. Investigate the tags to infrastructure. You can copy the tags from the blueprint and retype
the start to auto populate the tags for you.
b. Are the tags correct? Spelling and Capitalization are important in blueprints.
a. Do the names and objects reference the right values in the rest of the blueprint. Many
objects can be customized to new names.
Task 3: Resolution
1. Resolving this issue requires an understanding of blueprints, tagging, and resource deployments.
2. The first step is running the validation test. You receive direct errors on YAML lines to
resolve. You see a VALIDATE button on the bottom of the blueprint.
3. The red exclamation point and warning message mention an indentation issue with the
volume name field. This is because the name has to be in the properties field. Copy the name
field from the current location and place it under properties. The indentation should match
the indentation of capacityGb.
4. The red exclamation should now move to the next name field. Notice the input value does
not match the previous field. The Inputs.hostname should state Input.Hostname
since it is case sensitive and Input is a predefined variable type.
5. The red exclamation will now move to the network line, - network:
'${resource.Cloud_NSX_Network_1.id}'. This line was generated by dragging the network
object to the machine object. After being created, the network name was changed to
SA-Management, so the value no longer matches. This can be corrected by either dragging the
line from SA-Management to the machine object or changing the text to - network:
'${resource.SA-Management.id}'.
6. A follow-up validation should give a green banner across the top. You should now be able to
deploy the virtual machine and see the added drive and the virtual machine should be
connected to the network.
Answer Key
A7. VMware-Common-Web security group.
Q8. Do you see the LB-Web prefix assigned for the load balancer?
A8. Yes.
Q9. What is the protocol and port assigned to the virtual server?
A9. TCP 443.
Q1. You cannot ping the Web node but you can use SSH. Why?
A1. Security Rule exists in NSX-T Data Center to block the ICMP traffic.
Q2. You cannot access port 80. You are able to access port 443. Why?
A2. Security Rule is in NSX-T Data Center to block the HTTP traffic.
Lab 19 Troubleshooting an ABX Flow
Q1. What is missing?
A1. A variable named tagControl.
Q2. Where is the tagControl variable defined?
A2. The tagControl variable must be defined before you use it in a switch. You can hard-
code it to the action-flow code. The most useful place to define variable is in the previous
action (Bad-Rename-vSphere-VM) and to base it off of the tagControl YAML custom
property. The tagControl custom property is loaded from the tagInput variable.
Q1. Is the tagControl variable defined, based on the tagControl custom property?
A1. Yes. The tagControl = inputs.customProperties.tagControl; statement
exists.
Q2. Is the tagControl variable passed as an output to the main action flow?
A2. No. The new VM name is passed as an output in outputs.resourceNames[0] =
newName; but no output line for tagControl exists.
Lab 24 Calling Cloud Assembly and vRealize Orchestrator from vRealize
Automation Code Stream
Q1. What is the problem?
A1. The YAML blueprint has a pattern that forces input values to be in the 172.20.11.180 -
172.20.11.199 range. You ran the pipeline with the default inputs. The default IP in the
pipeline is set to 172.20.11.175, which is outside the allowed range.
Lab 30 Troubleshooting Ansible and vRealize Automation
Q1. Is there a problem in groups part of the YAML code?
A1. Yes, the groups in the YAML code must be nginxWebServers, not nginxWebServer.
Q2. What is the first problem in the YAML code?
A2. The Ansible integration account is set to SA-Ansibles. It must be set to SA-Ansible.
Q3. What is the second problem in the YAML code?
A3. The Cloud_Ansible_1 component is not connected to Cloud_vSphere_Machine_1.
Q1. What is the problem?
A1. A communications problem between the Ansible Control Machine and the virtual machine
on which it is trying to install software exists.
Q2. What is the problem?
A2. The playbook run does not work from vRealize Automation. A communications problem
between Ansible and the virtual machine it configures exists.
Q3. Ansible always uses SSH to communicate. What user account is the YAML blueprint
trying to use to log into the virtual machine from the Ansible Control Machine?
A3. The vmware user account.
Q4. Does the user account vmware exist? Does the account have the rights to log in from
SSH?
A4. If you open a console to the virtual machine that was deployed, you can confirm that the
vmware user account exists and you can log in with the user account. If you try to use
the MTPuTTY application to connect to the deployed virtual machine using the vmware
user account, the SSH session fails. The vmware user account does not have the rights to
log in from SSH.
Q1. What is the problem?
A1. A syntax error in the Ansible playbook on the ansible server exists. The error might exist
in line 29, column 11.
Q2. What is the problem?
A2. The code in the task install nginx has a semicolon instead of a colon.
Q1. Did your blueprint deploy successfully?
A1. If you have corrected all errors, the blueprint must deploy successfully.