vRealize Automation 7.3 what’s new?

vRealize Automation 7.3 has been released today with tons of new capabilities and features (>20 Spotlight Features). In this post, I will highlight several of these new enhancements to introduce you to what you can get by upgrading to vRA 7.3. I hope this will help you find out if the features you are looking for is a part of this release. I know many on my list and my customers lists have been addressed, but there is always room for more.

Below is few important links to check to learn more about vRealize Automation 7.3:

vRealize Automation 7.3 new features:

Parameterized Blueprints to Enhance Reusability and Reduce Sprawl​

  • Introduced component profiles for defining both size and image attributes, enabling “T-shirt sizing” as a request item
    • Component profiles provided for image and virtual machine size including CPU, memory, and storage size
  • Efficiently manage blueprints by leveraging abstracted component profiles
  • Increase reusability while significantly reducing blueprint sprawl
  • Trigger approval policies on size or image conditions
  • Import or export of component profiles using vRealize CloudClient
  • Automatically substitute component profile values

In the past, I have seen the request for VMs “t-shirt sizing” coming up often.… Read More

vRealize Automation 7 Property Dictionary Relationship

In the past I have documented how to do vCloud Automation 6.x Property Dictionay and Property Dictionary relationship in a post that was well recieved and got quite popular which can be found at: vCAC 6 Property Dictionary Relationship. I have meant to do the same for vRA 7 Property Dictionary Relationship for sometime as it has dramatically changed from it’s 6.x days, but I had pushed it forward several times and finally got the time to get around it.

In this post, I am going to show you how to populate a dropdown menu created in vRA property dictionary from a vRO workflow. Further, I will show you how to filter it based on another dropdown as well. This is get very useful when you have two related dropdown in your vRealize Automation Request forum and would like to filter one of them based on the other dropdown selection.  It help you ensure only valid values are showing in the second dropdown menu making your request form more user friendly. Further, this same process can be used to populate the dropdown list from an external source like MS SQL or so on.

Before you start with this exercise, I would highly recommend you go through my past post to get an understanding of the terms used in this post: vCAC Custom Properties – Build Profiles(Renamed Property Groups in vRA 7.0) – Property Dictionary

The two drop menus I am dealing with in this examples are:

  • Drop Down Name: Environment.  
Read More

vRA Installation Error: Another instance of the component is already installed on this server.

While I have been installing vRA lately as a part of a VMware Validated Design engagement using the Automated Deployment Tool, my vRA deployment tool failed as the DBA has not provided the right permissions on the SQL box required to install vRA. The error received at that moment was: “Error occurred while executing SQL file: User does not have permission to perform this action.”.  This error showed up in vCAC-Config.log file on the first IaaS web server.

The above error was pretty descriptive and easy to rectify by assigning a sysadmin role to my vRA user account used for the vRA installation as well provide it with a dbo role on the vRA database. I decided to go ahead and re-run my installation after I have resolved the permissions issue, and I started facing the following error, which I was not clear what’s going on initially: “Another instance of the component is already installed on this server.”

Here is what made this error initially confusing, it comes up as a part of SQL Database creation block. Below how the error looked as the installation was executing:

[root]  [INFO] ———————————————————————————————————————-
[root]  [INFO]         Installation of IaaS “db” component on host “vraweb01.vt.com” starts now
[root]  [INFO] ———————————————————————————————————————-
[root]  [INFO] Executing db Installation command:
[root]  /usr/sbin/vra-command execute –node 574C2057-4BEE-40E0-A163-AD86A1FTT32A install-db –SqlServer vtvrasql01.vt.com,1433 –DatabaseName vRA –DataPath  –LogPath  –UseWindowsAuthentication True –UseExistingDatabase True –UseEncryption False –SqlUser VT\svr_vra –SqlUserPassword *******
[root]  Parent command with id=’3bae80fe-02d2-4ea9-8290-8c2b634d1a5e’ was created.… Read More

vRealize Automation Order of Precedence for Custom Properties.

If you have just started working with vRealize Automation, you will notice that you can apply custom properties to many elements. While this is great and add a lot of flexibility to the product and make it easier to customize the product to do things differently in the way you desire. It can get confusing which property will precede/over write the other one, if a duplicate property with a different value was assigned at a different element/level. In this post, I wanted to highlight the order of Precedenc for Custom Properties in vRA, so you can predict your results.

vRA Custom Properties Order

The full order of precedence for custom properties is that any property value specified in a source later in the list overrides values for the same property specified in sources earlier in the list. The order is shown in the following list:

Order of applying Custom Properties, later one over write earlier one:

  1. Build Profile
  2. Blueprint
  3. Business Group
  4. Compute resource
  5. Reservation
  6. Endpoint
  7. Runtime

Note: Please note only Build Profile, Blueprint, and Business Group custom properties are assigned at the request time, while most other custom properties (Comput resources, reservation, & Endpoint) are assigned during provisioning, as they are not being assigned till the provisioning process has been started.… Read More

Replacing Certificates in vRealize Automation 7

If you worked with vRA 6.x and earlier, you will definetly know that replacing certs was a very involving process. The great news is that vRA 7 has eliminated most of the work required to do so and automated a good part of the process. Unfortunately, this is not clearly documented in vRA 7 documentation, although in my opinion this is one of the major improvements in vRA 7.0. As I have discovered those improvement the hard way through going through engineering and support, I thought It’s worth sharing as it can save you tons of time.

Let’s start by the scenario where you have setup the vRealize Automation 7.x system up and running, and you want to replace your certificates. Let’s assume you have already generated the certs for the different services, but if you did not and need help with that keep reading as I will give you guidance on that later on in this article. Below is how to replace the certs of each of the services making up your vRA 7.0.

– SSO/Identity Appliance: As vRA 7.0 does not make use of vCenter SSO any more and it moved to embeded vIDM, you will not have to worry about the certs of this any more.… Read More

vRealize Automation 7 Bootstrap Installation

vRealize Automation 7 converged blueprint is now offering you the capabilities to go beyond VMs deployment to being able to design/deploy a full application stack. In order to enable application deployment in vRA, you will need to install vRA 7 bootstrap in your VM template. In this post, I will cover how to install vRA 7.0 bootstrap into your Windows & Linux VM templates.

vRA 7 converged blueprint

Note: vRA 7.0 enterprise license is required to use the software deployment capabilities of vRA 7.0. If you have a license that does not include this, you will need to depend solely on the Gugent to run your scripts in similar fashion to what was done in previous versions of vRA, which I have document previously at: vCAC Guest Agent Installation

Note: In vRealize Automation 7.1 and higher the download link of the Guest Agent, Bootstrap Agent and so on has changed from the links used in the below article to https://vRealize_VA_Hostname_fqdn/software/index.html. 

vRA 7 bootstrap installation in Windows:

(Certs)

  1. Make sure your root cert is trusted by your template.
  2. Make sure your Manager Service cert is trusted by your template as well.

(Gugent)

  1. Download the Gugent installer from https://vRealize_VA_Hostname_fqdn:5480/installer/GuestAgentInstaller_x64.exe. The download link has changed to https://vRealize_VA_Hostname_fqdn/software/index.html in vRealize Automation 7.1 and higher.
Read More

vRealize Automation Modifying Approval E-mails

One of the questions I get often asked by customers is how to modify vRA e-mail templates. To be honest the most one customers usually care to modify is the Approval e-mail to include more information than what is provided in the out of the box template. In this article, I will show you how to simply modify the vRA Approval e-mail to include additional custom properties. I will not drill into more advanced e-mail modification topics to keep this as simple as possible and get you straight to the point if that all you needed to do, though I will have more advanced vRA e-mail template modifications links at the end of this post.

First, you will need to upload the vRA e-mail templates to vRA using the below steps:

  1. Download the 2088805_vrealize_automation.tar.gz file from KB208805
    • Windows: Use a program such as WinSCP to copy the 2088805_vrealize_automation.tar.gz to the VMware vRealize Automation
    • Linux: Run these commands:scp 2088805_vrealize_automation.tar.gz root@vCAC VA:/
      ssh root@vCACVA
      cd /
      tar -xvzf 2088805_vrealize_automation.tar.gz
      find /vcac -type d -exec chmod o+rx {} \;
      find /vcac -type f -exec chmod o+r {} \;
  2. Restart VMware vRealize Automation by running this command:service vcac-server restart.

The above steps should get you to a position where you are ready to modify the vRA e-mail templates as needed, and changes to these templates going forward will take effect without needing to restart the service, but might take up to 2 minutes to see the changes.… Read More

vRealize Automation Gugent stuck and machine deployment timeout

After installing the vRA 6.2.2 Gugent into our Windows 2012 R2 template, blueprint deployment started to time out. As I had followed the exact steps I have previously used to install the Gugent for quite few customers before which in turn I have already documented on my following blog post: vRA Guest Agent Installation, I was surprised with the issue and thought to document the issue and resolution of it in this blog post in case others encounter it. Before I start, just few words of the environment versions:

vRA: 6.2.2
Gugent: 6.2.2
vCenter: 6.0
ESXi: 6.0
VMware Tools: 6.0
OS: Windows 2012 R2

While above these are the exact versions I have seen the issue with, you might face it with previous or future versions, as I am not sure yet which versions this specifically apply to, I wanted to ensure to point out the exact versions where I have observed it. Below is the timeout error I saw in vRA while trying to deploy from a blueprint that uses the Gugent: “Request failed: Machine vttest001: Timeout Customizing Guest OS.”

Request failed machine timeout customizing guest os

 

The error logs within the vRA portal was not providing me with enough info to debug the error with, so I started digging into one of the machines deployed through the problematic blueprint and after digging around I have found the following error in Windows Applications event log:

“faulting application name: DynamicOps.agent.guest.exe libeay32.dll”

 vRA Gugent Faulting Application name: DynamicOps.Agent.Guest.exe

For some reason the issue end up being caused by the vRA Gugent not being able to locate the VMware Tool libeay32.dll package, although VMware tool 6.0 was installed.… Read More

vRealize Automation deployment to vCloud Air fails

After configuring vRealize Automation Center to be ready to deploy to vCloud Air (End Point, Fabric Group, Reservation, Reservation Policy, Blueprints, etc), my initial vAPP blueprint deployment to vCloud Air has started to fail with the below error message.

“Request failed: Machine VTTest001: an error occurred while customizing the vapp..”

vRA vAPP deployment to vCloud Air fails error occurred while customizing the vAPP

 

Checking the vRA logs under monitoring has given me a bit more descriptive error, which has definitely helped me resolve the issue much more than the original error: “vCloud Customize VM failed for vApp: VTTest001 Error occurred while customizing vAPP. Inner Exception: Auto-logon count must be within 1 to 100 range if enabled or 0 otherwise.”

vAPP deployment fails in vRA autologin error under monitoring log

This has reminded me that I has never setup the auto-logon setting under customization on the VMs building my vAPP template. You will need to check mark the “Automatically log on as Administrator” option as shown in the below screenshot. I would leave the number of automated log on to 1 as well.

vRA deployment to vcloud Air fails Automatically login as an administratorThis has done the trick for me and things worked afterward. I assume others might miss this step as well, and as the initial error might not be obvious indication of the issue, I thought I will try to save you the hassle of trying to figure out how to fix it.… Read More

vRealize Automation iaas-service does not register after installation

While doing the usual vRA 6.2.2 large deployment distributed install, and after everything in the installation went smoothly without any errors, the vRA infrastructure tab was not working. Checking the vRA Services through the vRA Appliance VAMI, and noticed all of my services are up and running as  expected with its status being registered, beside the iaas-service which its status was left blank. Look at the below screenshot and notice where the service column ” iaas-service        com.vmware.csp.iaas.blueprint.service” status being blank.

vrealize automation iaas-service not starting

Going through every test I can think of, I could find no meaningful error in any of the logs, till I opened my infrastructure tab again but in Chrome this time and rather than getting the usual 404 error it was giving me earlier the below message came up: Invalid Argument. Host name may not be null

vra Infrastructure tab Invalid Argument Host name may not be null

 

After a bit of digging/research, I have found out that the VIP names the customer is using included under scores which is not supported by vRA for both hostnames or VIP names. This has been documented in the vRA 6.2 Installation and configuration document here as well in KB2086553.

Resolution for this issue: You will need to avoid this scenario before hand, else you will have to redo the full installation.… Read More

vRealize Automation 6.2 moving to Internal replicated vPostgres

When delivering a vRealize Automation 6.1 and prior in a distributed install, the recommendation was always to have an external vPostgres instance. This has changed in vRealize Automation 6.2 and it’s briefly touched upon in the vRA 6.2 reference architecture found at: vRealize Automation 6.2 reference Architecture. I wanted to make sure to highlight this, as many have missed this change and others are still wondering how it can be implemented or why this change. It’s important to mention as well, you can use this replication architecture for any version of vCAC/vRA that’s higher than 6.0.1.

Let’s start by highlighting the change, we are moving from having a separate/external vPostgres  machine to host the vPostgres (being a vRA appliance that is re-purposed to be used as vPostgres or a full vPostgres install) to using the internal built-in vRA Appliance vPostgres and replicate across the two vRA Appliances. The below image demonstrate this change:

vRA internal vPostgres replication
So what do you get of moving to this new model? Actually there is few advantages of implementing your vRA 6.2 this way, below is couple of them.

1- You have less machines to manage by eliminating the extra one or two external vPostgres machines you needed in the 6.1 reference architecture setup.… Read More

Resource Actions does not show up in vRealize Automation 6.2.1

I had an instance of vRealize Automation 6.2 with few resource actions that were built under Advanced Services with things like take snapshot and move VMs to a different folder in vCenter. These were working like a charm in vRealize Automation 6.2, but as soon I upgraded to 6.2.1 they stopped showing in the items actions menu. I have re-checked my configuration and tried few additional resource actions with no luck.

After a bit of research I have found out that its a known problem caused by a bad DLL within the 6.2.1 and its easy to fix by following KB2111713. I have as well happen to be able to reproduce the same issue with a fresh install of vRA 6.2.1, so if your resource actions does not show up in the actions menu, although you have done all the right steps KB2111713 or the step below is your way to fix it.

1- Download the new DLL by following the download link in KB2111713, the download name is vRA_621.zip, where it includes a single DLL file which in turn called  “DynamicOps.Api.v61.dll".

2- Stop all of your vRA IaaS Services in the following order: 1- Proxy Agents 2- DEMs, 3- DEM Orchestrator 4- vCloud Automation Center Manager service

3- Backup your old DynamicOps.Api.v61.dll found at C:\Program Files (x86)\VMware\vCAC\Web API\bin by copying it to a different location.… Read More

How to change the certs for VAMI on VMware vCAC Appliance

I have been working with several customers & after changing the certs for things like vRealize Auotmation using VAMI, they notice that when they access VAMI at port 5480 (ex: https://vra.vt.com:5480), they noticed they still get the self signed cert instead of the signed cert they have installed. The reason for that is the cert that you install through VAMI is not used for VAMI, but to secure connection to the application where in the vRA/vCAC example it’s used to secure connections to the vRA/vCAC portal that is being served at 443.

vRA 62 VAMI invalid security Certificate

For those who want to have a secure signed certs for VAMI, you will have to do it through the command line for now. Below is the instructions provided to me by GSS on how to do so for both the vCAC/vRA identity appliance as well the vCAC/vRA appliance. Please note you can use very similar steps for most of the other VMware appliances that uses VAMI.

Logon to the appliance console (EXVMware Identity Appliance console and execute the following commands:

  1. Copy the rui.pem file (certificate pem file) to the /tmp folder
  2. ls -l /opt/vmware/etc/lighttpd/server.pem and make a note of the server.pem timestamp
  3. cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem.bak
  4. cp /tmp/rui.pem /opt/vmware/etc/lighttpd/server.pem
  5. ls -l /opt/vmware/etc/lighttpd/server.pem and verify the server.pem has been updated
  6. service vami-lighttp restart

Logon to the vCAC Appliance console

  1. ls -l /opt/vmware/etc/lighttpd/server.pem and make a note of the server.pem timestamp
  2. cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem.bck
  3. cp /etc/apache2/server.pem /opt/vmware/etc/lighttpd/server.pem
  4. ls -l /opt/vmware/etc/lighttpd/server.pem and verify the server.pem has been updated
  5. service vami-lighttp restart

Hope this help!… Read More

vCAC 6.x using gugent to run scripts

Lately, I have been getting a lot of questions about how to use the vCAC Gugent to run scripts within the guest OS of your deployed VM. While if you are deploying simple VMs using vCAC this use case might not sound obvious, it has a lot of uses to it in the real world. Before I go through how to get your vCAC Gugent or now called vRA Gugent (Guest Agent) to run scripts, let’s take few examples of why you want to do this:

– Imagine the use case where you want to assign an IP Address in a Guest OS that is not supported by VMware Customization tool. You can actually assign an IP Addess to it by running after deployment  script using the Guagent to change the IP Address of that machine. Actually while I had this post in mind for a while, it end up getting to my top priority today as a colleague was asking me about this use case scenario.

– Imagine the use case where you want to run some security scanning scripts after the OS was fully deployed. This is will be any easy way of doing it.

– Imaging the use case where you want to initialize a client or agent for application deployment/management tool (Ex: Puppet, Chef, Altiris, TSM Client, …)

– It can be even be used as a cheaper dirty way of deploying applications or services.… Read More

VMware vRealize Automation 6.2 and the missing vCO

If you have tried to upgrade your current vCloud Automation Center distributed install to vRealize Automation 6.2 or if you have tried to plan for the upgrade lately, you will notice one piece of the puzzle seems to be missing. At the time vRealize Automation 6.2 was released, vRealize Orchestrator 6.0 was not released yet as it suppose to be a part of the vSphere 6.0 release(not yet released).

While the vRealize Automation 6.2 appliance has came up with a builtin vCO 6.2 with the 6.2 plugin installed which was sufficient for small deployment that did not require a distributed install, customers with distributed install are wondering what to do. In this article I wanted to highlight the three options available to you and when to approach each of these routes.

1- vRealize Orchestrator(vRO) 6.0 has been made available to vRealize Automation 6.2 customers before vSphere 6.0 go GA, where you will have to open a support ticket to obtain it. Here is the KB article documenting that: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2100951

2- Convert a vRA 6.2 appliance into vRO 6.2 appliance, again here is the KB documenting this: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2100951     (Almost there is no more use case for this with vRO 6.0 available to you through GSS.… Read More