Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • VMware vRealize Orchestrator Cookbook
  • Toc
  • feedback
VMware vRealize Orchestrator Cookbook

VMware vRealize Orchestrator Cookbook

By : Langenhan
4 (3)
close
VMware vRealize Orchestrator Cookbook

VMware vRealize Orchestrator Cookbook

4 (3)
By: Langenhan

Overview of this book

VMware vRealize Orchestrator is a powerful automation tool designed for system administrators and IT operations staff who are planning to streamline their tasks and are waiting to integrate the functions with third-party operations software. This book is an update to VMware vRealize Orchestrator Cookbook and is blend of numerous recipes on vRealize Orchestrator 7. This book starts with installing and configuring vRealize Orchestrator. We will demonstrate how to upgrade from previous versions to vRealize Orchestrator 7. You will be taught all about orchestrator plugins and how to use and develop various plugins that have been enhanced in Orchestrator 7. Throughout this book, you will explore the new features of Orchestrator 7, such as the introduction of the control center, along with its uses. You will also come to understand visual programming, how to integrate base plugins into workflows, and how to automate VMware. You will also get to know how to troubleshoot vRealize Orchestrator. By the end of this book, you will be able to get the most out of your Orchestrator installation, and will be able to develop complex workflows and create your own highly integrated automations of vRealize environments.
Table of Contents (14 chapters)
close
close
Preface
Preface
Changes in this edition
A short history of Orchestrator
Best approaches to reading this book
What this book covers
What you need for this book
Who this book is for
Example workflows
Conventions
Reader feedback
Customer support
Free Chapter
1
1. Installing and Configuring Orchestrator
chevron up
1. Installing and Configuring Orchestrator
Introduction
Deploying the Orchestrator appliance
Important Orchestrator settings
Configuring an external database
Configuring external authentication
Connecting to vCenter
Installing plugins
Updating Orchestrator
Moving from Windows to appliance
Orchestrator Client and 4K display scaling
2
2. Optimizing Orchestrator Configuration
2. Optimizing Orchestrator Configuration
Introduction
Tuning the appliance
Tuning Java
Configuring the Kerberos authentication
Configuring access to the local filesystem
Configuring the Orchestrator service SSL certificate
Orchestrator log files
Redirecting Orchestrator logs to an external server
Backup and recovery
Control Center titbits
3
3. Distributed Design
3. Distributed Design
Introduction
Building an Orchestrator cluster
Load-balancing Orchestrator
Upgrading a cluster
Managing remote Orchestrators
Synchronizing Orchestrator elements between Orchestrator servers
4
4. Programming Skills
4. Programming Skills
Introduction
Version control
Changing elements in a workflow
Importing and exporting Orchestrator elements
Working with packages
Workflow auto documentation
Resuming failed workflows
Using the workflow debugging function
Undelete workflows and actions
Scheduling workflows
Sync presentation settings
Locking elements
5
5. Visual Programming
5. Visual Programming
Introduction
Scripting with logs
Scripting with decisions
Error handling in workflows
Scripting with loops
Workflow presentations
Linking actions in presentations
Changing credentials during runtime
6
6. Advanced Programming
6. Advanced Programming
Introduction
JavaScript complex variables
Working with JSON
JavaScript special statements
Turning strings into objects
Working with the API
Creating actions
Waiting tasks
Sending and waiting for custom events
Using asynchronous workflows
Scripting with workflow tokens
Working with user interactions
7
7. Interacting with Orchestrator
7. Interacting with Orchestrator
Introduction
User management
User preferences
Using Orchestrator though the vSphere Web Client
Accessing Orchestrator REST API
Accessing the Control Center via the REST plugin
Running Orchestrator workflows using PowerShell
Using PHP to access the REST API
8
8. Better Workflows and Optimized Working
8. Better Workflows and Optimized Working
Introduction
Working with resources
Working with configurations
Working with Orchestrator tags
Using the Locking System
Language packs (localization)
Working with policies
9
9. Essential Plugins
9. Essential Plugins
Introduction
Working with e-mail
File operations
Working with SSH
Working with REST
10
10. Built-in Plugins
10. Built-in Plugins
Introduction
Working with XML
Working with SQL (JDBC)
Working with SQL (SQL plugin)
Working with PowerShell
Working with SOAP
Working with Active Directory
Working with SNMP
Working with AMQP
11
11. Additional Plugins
11. Additional Plugins
Introduction
NSX integration
Horizon integration
vSphere Replication
SRM (Site Recovery Manager) integration
vROps (vRealize Operations Manager) integration
12
12. Working with vSphere
12. Working with vSphere
Introduction
Working with the vCenter API (to change a VM's HA settings)
Standard vSwitch and Distributed Switch ports
Getting started with vAPI
Custom Attributes and Tags (vAPI)
Executing a program inside a VM
An approval process for VM provisioning
13
13. Working with vRealize Automation
13. Working with vRealize Automation
Introduction
Working with the vRA-integrated Orchestrator
Automating a vRA instance in Orchestrator
Configuring an external Orchestrator in vRA
Adding Orchestrator as an infrastructure endpoint
Adding an Orchestrator endpoint
Integrating Orchestrator workflows as XaaS Blueprints
Managing AD users with vRA
Using the Event Manager to start workflows

Configuring external authentication

To use Orchestrator to its fullest possibilities we should configure it with an external authentication.

Getting ready

We need an up and running Orchestrator and access to the Control Center (root account). Also see, the recipe Deploying the Orchestrator appliance in this chapter.

You should have an AD/LDAP group for your Orchestrator Administrators with at least one user in it. I will use the AD group vroAdmins with its member vroAdmin and my domain is called mylab.local. My PSC/SSO is on vcenter.mylab.local.

If you are using AD/LDAP, then you need only to know the LDAP path to your vroAdmin user and group.

If you are using SSO or vSphere(PSC), you should either have configured SSO to use AD or created a local SSO group and user.

How to do it...

We are splitting the recipe into multiple parts, one for each authentication method.

vSphere (PSC) and vRealize Automation (vRA)

For both vSphere 6 and vRA7, the entry forms look alike and follow the same pattern. However, there are some really important considerations to take into account for both. Please see the How it works... section of this recipe.

To set either vSphere (PSC) or vRealize Automation (vIDM), follow these steps:

  1. Open the Control Center and click on Configure Authentication Provider.
  2. Choose vSphere or vRealize Automation.
  3. Enter the host name of your vSphere PSC or vRA.
  4. After clicking on Connect, you may need to accept the SSL certificate.
  5. You are now asked to enter the User name and Password of an SSO administrator.
  6. Clicking on Configure licenses will automatically configure Orchestrator licensing with the vCenter license.
  7. Enter the default tenant of your SSO and click on Register:

    vSphere (PSC) and vRealize Automation (vRA)

  8. After the registration, you are asked for the admin group. Enter the name of your admin group (or the first letters, such as vro) and click on Search.
  9. Select your admin group from the drop-down menu, such as mylab.local\vroAdmins. In vRA, there is a preconfigured group called vsphere.local\vcoAdminis.
  10. Click on Save Changes and restart the Orchestrator service.

SSO (legacy)

If you are using vRO7 with vSphere 5.5 (minimum update 2) you need to use the SSO configuration:

  1. Open the Control Center and click on Configure Authentication Provider.
  2. Choose SSO (legacy).
  3. Enter the following for Admin URL: https://vcenter.mylab.local:7444/sso-adminserver/sdk/vsphere.local.
  4. Enter the following for STS URL: https://vcenter.mylab.local:7444/sts/STSService/vsphere.local.
  5. Click on Save Changes.
  6. You will now need to accept the SSL certificate of your SSO server (not shown in the following picture).
  7. After you have accepted the certificate you will be asked to enter an SSO admin account and its password, followed by the Default tenant, which is vsphere.local for all 5.5 systems.
  8. Click on Register.
  9. If everything is fine you will now be asked to restart the Orchestrator service. However, we can ignore that for the moment:

    SSO (legacy)

  10. Now you need to choose admin group. Enter the name of your admin group (or the first letters, such as vro) and click on Search.
  11. Select your admin group from the drop-down menu, such as mylab.local\vroAdmins. SSO 5.5 has a preconfigured Orchestrator group called [email protected].
  12. Click on Save Changes and restart the Orchestrator service again.

LDAP

Please note LDAP will be discontinued in further Orchestrator releases and should not be used anymore. Furthermore, using LDAP won't allow Orchestrator to use all its awesome features.

If you are using LDAP, you can choose from the In-process LDAP (ApacheDS), the built-in LDAP, Active Directory, or OpenLDAP.

Please note that LDAP entries are case sensitive. To configure Orchestrator with Active Directory, follow these steps:

  1. Open the Control Center and click on Configure Authentication Provider.
  2. Choose LDAP and then Active Directory.
  3. Enter the domain name of your AD and set the port to 389.
  4. As root, enter your domain in LDAP dc=mylab,dc=local.
  5. Enter the username in LDAP and then the password. Be mindful that in AD, the folder Users is not an OU but a CN, cn=vroAdmin,cn=Users,dc=mylab,dc=local.
  6. It is easiest to set the user and group lookup base to the root of your domain, for example, dc=mylab,dc=local. However, if your AD or LDAP is large, it might be better performance-wise to choose a different root.
  7. Enter the Orchestrator admin group in LDAP, cn=vroAdmins,cn=Users,dc=mylab,dc=local.
  8. Click on Save Changes.
  9. If everything is fine you will be asked to restart the Orchestrator service.

    LDAP

How it works...

Configuring Orchestrator to work with an external authentication enables AD users to log in to the Orchestrator Client. The alternative would be to either have only one user using it or adding users to the embedded LDAP. However, for a production Orchestrator, the embedded LDAP solution is not viable.

PSC/vIDM/SSO is a highly integrated part of vSphere, it can proxy multiple AD and/or LDAP domains and lets you integrate Orchestrator directly into vCenter as well as other corner pieces of VMware software offerings.

If you are using vSphere or vRealize Automation authentication, you have the additional benefit of having Orchestrator automatically licensed. If you are using LDAP or SSO you have to assign a license to Orchestrator.

When using SSO or vSphere, Orchestrator will register in SSO as a Solution User with the prefix vCO.

vRealize Automation and vSphere Authentication

The entry masks look the same, however, they are not. vSphere uses SSO and vRA 7 uses vIDM and those are very different beasts indeed.

When you register Orchestrator with vRealize Automation or you use the vRA embedded Orchestrator you will not be able to use a per-user session with vCenter as the SSO token and the vIDM token are incompatible at this time. I have been informed that the ability to configure the vRA embedded Orchestrator version will not be able to use PSC configuration anymore. The best way to solve this is to use a secondary Orchestrator.

Test login

With the test login, you can test if you can log on to Orchestrator using the Control Center:

Test login

If you get a reply in yellow saying Warning: The user does not have administrative rights in vRealize Orchestrator. Login to the Orchestrator client depends on the user view permissions, it means that the user has been found by Orchestrator but he is not a member of the Orchestrator admin group. See also, the recipe User management in Chapter 7, Interacting with Orchestrator.

Internal LDAP

The internal LDAP has the following preconfigured entries:

Username

Password

Group membership

vcoadmin

vcoadmin

vcoadmins

vcouser

vcouser

vcousers

The LDAP installation is protected to only allow local access to it. Using the internal LDAP is not recommended at all.

There's more...

Changing the Authentication Provider is quite easy. If you choose LDAP and now want to change it to something else, just select the new provider.

If you chose vSphere SSO or vRealize Automation you need to first unregister the existing Authentication Provider. To do this, follow these steps:

  1. Open the Control Center and click on Configure Authentication Provider.
  2. Click on Unregister and then enter the SSO admin's password and click Unregister.
  3. Now you can select another Authentication mode.

    There's more...

See also

Recipes in Chapter 11, Additional Plugins, depict which authentication is the most preferable for the plugins discussed there.

End of Section 6
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete