vRA/vRO 8.1 Powershell – Peaking Under The Hood

One of the new features in vRealize Automation (vRA) and vRealize Orchestrator (vRO) 8.1 was support for PowerShell. This means there are now 4 scripting language options for Action Based Extensibility (ABX) in vRA and Workflows in vRO. In this post, I’m going to have a look at some of the technical details of the PowerShell implementation.

Why We Should Care

There’s two items that come to mind about why we should care about the PowerShell implementation. The first relates to the history of PowerShell itself. Up until 2016, PowerShell had been based upon the full .NET framework. In that year, Microsoft announced PowerShell Core, which was based on .NET Core. This allowed PowerShell to be used on non-Windows platforms like Linux. This new “branch” of PowerShell had reduced functionality, with many modules no longer working. Eventually PowerShell Core was re-branded to a 6.x version line. In March 2020, PowerShell 7 was released. This version was an attempt to close the gap in functionality between the two branches.

The second item is how PowerShell was used in vRA/vRO 7.x. In 7.x it was possible to add a PowerShell host. The PowerShell host was a Windows system configured to allow vRO to remote into it to execute commands. This created an incredible amount of flexibility because you could install any modules you liked on the host. On the down side, it added complexity (more moving parts to manage) and security issues (like ensuring the PowerShell Host had a network path to each target, and Kerberos double-hopping issues).

With this background in mind, it becomes relevant to figure out what implementation of PowerShell is used in vRA/vRO and other information about the implementation.

Read morevRA/vRO 8.1 Powershell – Peaking Under The Hood

I’m a vExpert!

In June this year, VMware opened applications for their vExpert program. For those not familiar with it, it’s VMware’s “global evangelism and advocacy program”. A key part of it is giving back to the community. This can be via blog posts, helping people on VMware’s forums, participating in VMware user groups and so on. I threw my hat into the ring for it, without any real expectations.

Anyone who has worked with VMware products for any amount of time has ended up relying on the output created by people who are vExperts. I know I have. When viewing the list of people in the vExpert Directory, there was a lot of blog URLs that I recognised.

So when I got the email this week saying I was one of the lucky ones, it was a pleasant surprise. It’s an honor to be recognised by VMware for this. Congratulations to everyone else who got their vExpert awards this year.

Bulk Add Flavor Mappings Using vRA 8 REST API

One of the features added in vRealize Automation 8 (vRA 8) was Flavor Mappings. Flavor Mappings allow various instance types on different cloud providers to be associated with a platform-agnostic label. While it was possible to do something similar in vRA 7, it required a lot of scripting to handle the logic of the choice made. Like many of VMware’s newer products, vRA 8 has a REST API for executing most tasks, and this includes management of Flavor Mappings. Because adding these in bulk can be tedious, I looked at how it might be done with a bit of automation.

Workflow Overview

The vRealize Automation 8.1 API Programming Guide is a good starting point for looking at automating tasks in vRA 8. It has the steps relating to getting authentication done, as well as some general administrative tasks. In the case of what I was trying to achieve, the general workflow looks like this:

Flavor Mapping Workflow
Flavor Mapping Workflow

Read moreBulk Add Flavor Mappings Using vRA 8 REST API

vRealize Automation 8 – cloudConfig

With the increased focus on cloud-based services in vRealize Automation (vRA) 8, VMware have added a lot of new features. One of the key ones for Infrastructure As A Service (IAAS) provisioning is initialising a machine via “cloudConfig”.

How We Used To Do It

Historically, when provisioning a Virtual Machine (VM) either via vRA or directly via vCenter, we would use a Customisation Specification. These were files that controlled certain settings when a VM booted for the first time, such as the administrator password.

Settings from a Customisation Specification

In AWS, Userdata scripts were used to perform similar tasks. This was executed via the EC2Config service/agent that was installed on the AMI templates that were used for deploying EC2 instances. Azure has similar functionality.

Read morevRealize Automation 8 – cloudConfig

Installing Ansible AWX on CentOS 8

AWX is a web application that sits on top of Ansible, providing a “user interface, REST API and task engine for Ansible”. Since AWX can integrate into vRealize Automation, I decided to stand up an instance of it in my home lab.

Installing Ansible

Since I was starting with a complete fresh CentOS 8 system, the first thing I needed to do was install Ansible. Unfortunately, Ansible is not available in the default repos configured in CentOS 8, so the repo for it needs to be added first.

# Add EPEL repo
yum install epel-release
# Install Ansible
yum install ansible
# Confirm installation and version
ansible --version

Read moreInstalling Ansible AWX on CentOS 8

An Introduction to Packer

Recently I had an extended discussion about Packer with a fellow IT professional and recalled some material I had previously put together about Packer. Looking back at this material, I thought an expanded version of it might be worth writing up, with Windows Sysadmins in mind (since that’s my background).

What Problem Does It Solve?

I feel sometimes it’s best to start with what problem we are trying to solve, to help provide context for how a tool might be useful. A number of user stories can capture the problems Packer can solve.

As an Infrastructure Engineer, I want standardised templates for multiple platforms, so that template management is easier and consistent

This talks about a task that many infrastructure engineers and systems administrators have had to perform – regularly updating virtual machine templates on vCenter and other platforms. In some cases, this can be very onerous, so we want an easier way. In other cases, where the templates aren’t maintained, it can lead to increased deployment times (because the “Install Windows Updates” task during the SCCM task sequence takes longer and longer).

As a Security Engineer, I want our infrastructure across multiple platforms to adhere to the same security standards, so that my organisation’s data and reputation are protected

Read moreAn Introduction to Packer

Home lab expansion

For a while now I’ve been hitting the capacity limit of the single server in my home lab. This is the nature of running a lot of VMware’s more recent products on it. The plan had been to get another server, shared storage and a larger switch. This week I was able to bring it all together. There were some problems.

What I already had

The original setup I had included the following items:

  • 1 Dell R710 with a Samsung 970 Evo Plus M.2 SSD (in a M.2 to PCIe adapter), a 128GB SATA SDD and a 1TB SATA SSD
  • 1 5-port Gigabit switch
  • 1 5-outlet power board

The Second Server

For the second server, I tried to get something that was as close to my current one as possible. This meant another Dell R710 with a similar model of CPU and about 128GB of RAM. Fortunately I was able to easily find one for sale on ebay. It came with 4 x 300GB SAS drives. I ended up moving 2 of these to the original server and creating a RAID 1 on each server.

Read moreHome lab expansion

vRealize Automation 8.1 New Features Walkthrough

VMware announced the general availability of vRealize Automation 8.1 a couple of weeks ago. This update includes a wide range of new features and capabilities. Some of these items restore functionality that was lost in transitioning from 7.x to 8.x (such as Approval Policies).

Governance and Policy

Version 8.1 adds some new items under Governance and Policy. Some of these include Approval Policy, limits on resources and view-only roles.

Approval Policy

Approval Policies have been expanded to be more in line with the functionality of what was in 7.x. In one of my first impressions posts about version 8.0, I noted there was only 2 policy types (Lease and Day 2 Actions). There is now a third option called simply Approval Policy.

The new third Policy Type - Approval Policy
The new third Policy Type – Approval Policy

Read morevRealize Automation 8.1 New Features Walkthrough

Updating to vRealize Automation 7.6 Hotfix 7

I had been burned by updating vRealize Automation a little too quickly following a hotfix release. Chrome 75 caused some rendering issues in the deployment forms. These issues were resolved by Hotfix 1, which introduced some extra issues. The most visible one is the duplicate requests on an XAAS (Anything as a Service) blueprint. An example of this behaviour is shown below

Duplicate request
Duplicate request

The second issue that I’ve seen as cosmetic. It was resolved in Hotfix 2. In this issue, labels on an XAAS blueprint rendered correctly in the Designer but when requesting the blueprint via the catalog, the label text would wrap. An example of this is in the image below:

Designer vs Request rendering
Designer vs Request rendering

Read moreUpdating to vRealize Automation 7.6 Hotfix 7

PowerShell 7.0 – Cmdlet Compatibility

In my first post about PowerShell 7.0, I made mention of a major issue that most likely prevent adoption of PowerShell 6.x by Windows system administrators. This issue was the loss of functionality in 6.x, specifically that some cmdlets would not be available due to 6.x being built on .NET Core. The release of 7.0 is meant to help address this, which is the intent of this post.

Cmdlet Compatibility Approach

In reviewing the compatibility for 5.1 and 7.0, I used the management server in my home lab. This is a Windows Server 2019 virtual machine, so it shares the common set of cmdlets that Windows 10 has. As a management server, it also has some additional modules/cmdlets available:

  • Windows Server Role-based modules such as ActiveDirectory and DnsServer
  • SQLPS from the installation of SQL Server 2014
  • cmdlets associated with VMware’s PowerCLI
  • cmdlets associated with ChefDK
  • AWS’s PowerShell module

While not comprehensive, this does give good coverage of built-in, Microsoft-provided and third-party provided items.

Read morePowerShell 7.0 – Cmdlet Compatibility

Bitnami