Skip to main content

 

Using vCenter Content Library with vRealize Automation 8


To speed up vRA VM deployments a common used practice is to copy the “golden” VM templates to each vSphere cluster with a script or via vRealize Orchestrator. In addition for vRA7 environments, the custom property “CloneFrom” [Custom Property] in combination with an Orchestrator Workflow is used to select the template from the cluster that the new VM is deployed to. All of this is quite a time consuming and error prone job. For vRA8 I decided to research a different approach by making use of the vCenter Content Library.

In reality there are many ways to configure your vCenter(s) and clusters, but in this blogpost I want to look at the scenarios where you have one vCenter and multiple datacenters or multiple clusters within a datacenter. Each datacenter has one or more clusters. See the pictures below for my test setup:

  • vCenter 7.0u3c with 3 datacenters.
  • Datacenter “dc-mgmt” has two clusters, each with one host
  • Datacenters “dc-xray” and “dc-zulu” each have one one cluster with one host.
  • Each cluster has its own dedicated NFS datastore.

The version of vRealize Automation I am using is vRA 8.6.2

vCenter – Content Libraries

I have created a local content library named “Linux” in the cls-mgmt cluster on the datastore “ISO”.
In this Content Library I have 1 VM Template; “tpl_ubuntu18”.
Note: VM Templates can only be subscribed to if it is in ELM or in the same vCenter

… and 2 OVA Templates; “Photon4-rev1” and “Photon4-rev2”.

-> Btw: Photon is great for deployment testing as it does not require many resources and is very fast to deploy. You can find the Photon OVA files on [Github]. These OVA files can be imported directly in your Content library. Basic GuestOS configuration can be done with cloud-init through a cloudConfig section in your Cloud Templates. See a sample on my [github].

I have created subscriber Content Libraries for each cluster pointing to the local “Linux” Content Library. The Content Libraries are stored on the per cluster dedicated NFS share.

vRA Configuration

vRA Cloud Account with 3 datacenters:

In my case I added the (virtual) datacenters after vRA Deployment, so I had to change this on the vCenter Cloud Account.

vRA image Mapping

For each image, I have created an image mapping, pointing to the corresponding datacenter. As you may notice from the screenshot, you can only select the Image name of the Local Content Library. This may look a bit confusing, but see the explanation at the end of the blogpost.

To clarify further; it is possible to select an image from a subscribed Content Library

Note: in these tests, I am using “image” in my Cloud Templates. You may also skip the image mapping part and use “imageRef” in your Cloud Templates. See further down below.

vRA Flavor mappings

Note: in these tests, I am using “flavor mappings” in my Cloud Templates. You can skip the flavor mapping configuration and use the properties “cpuCount” and “totalMemoryMB” your Cloud Templates if this is for vSphere only. See further down below.

Network Profiles

I have created Network Profiles (just standard switches) for each datacenter and tagged them accordingly. This is not specifically needed for the tested scenario’s, but more part of how my homelab is setup.

Note: don’t forget to attach a network (Portgroup) form the corresponding Datacenter.

vRA Cloud Zones

I have configured Cloud Zones for each cluster and tagged them with cz:<cluster hostname>

vRA Project

For the project “p-infra” I have added the 4 created Cloud Zones as provisioning Option

vRA Cloud Template

The Cloud Template I have used can be found on [Github].

Note the line “image: photon4-rev2“.
If you don’t want to use image mappings, imageRef can be used: #imageRef: Linux / photon4-rev2

In a similar way if you don’t want to use Flavor Mappings, you can use the “cpuCount” and “totalMemoryMB” properties.

inputs:
  vmcloudzone:
    type: string
    title: Cloud Zone
    default: wrkld
    enum:
      - infra
      - xray
      - zulu
      - wrkld
  vmflavor:
    type: string
    title: Size
    default: tiny
    enum:
      - tiny
      - small
      - medium
… … 
resources:
  VM:
    type: Cloud.vSphere.Machine
    properties:
      name: '${propgroup.pgGuestOS.linux + input.pgDeploy.vmEnvironment + input.pgDeploy.vmServertype + input.pgDeploy.vmLocationcode}'
      image: photon4-rev2
      #imageRef: Linux / photon4-rev2
      flavor: '${input.vmflavor}'
      #cpuCount: 1
      #totalMemoryMB: 1
      constraints:
        - tag: 'cz:${input.vmcloudzone}'

Deployments

Deployment in same datacenter on cluster “cls-wrkld”

After successful deployment, Select the VM, the Topolgy tab and under Custom Properties look for Image and imageId. As you can see the value for imageId is “Linux-cls-wrkld/photon4-rev2” which relates to the Content Library on the cls-wrkld datastore.

The same result is found when deploying in a cluster in another datacenter as you can see in the image below: imageId is “Linux-dc-zulu/photon4-rev2

Besides checking the imageId after deployment, you can also tail/check the content library log from vCenter. The file you need to look at is /var/log/vmware/content-library/cls.log

See the log snippet below:

| ImportSessionActivity          | Created disk transfer session urn:transfer:4f02c820-cf28-4947-98c8-3565a8b82322 for import session 15f2ae99-a4ec-45ad-b06d-8c8251a721f4 to VM vldg0200004 from library item photon4-rev2 (ID: 9d3908aa-7416-49cf-ad1d-b793037e7384) in library Linux-dc-zulu (ID: 8dea9374-4b16-4f47-a051-d8141aa705f2)

How does vRA find the template to be used?

Thanks to a great session we had with Engineering, we found out the way that vRA finds the template to be used: After receiving a provisioning request with cluster, datastore and template, vRA will search for all replica templates corresponding to the publisher template. vRA then chooses the replica template based on the following sequence;

  1. Replica template on the target data store?
  2. Replica templates on the storage of target?
  3. If no replica template is found, the publisher template is used.

The flowchart for the above process looks as follows:


Labels:

Comments

Post a Comment

Popular posts from this blog

  Issue with Aria Automation Custom form Multi Value Picker and Data Grid https://knowledge.broadcom.com/external/article?articleNumber=345960 Products VMware Aria Suite Issue/Introduction Symptoms: Getting  error " Expected Type String but was Object ", w hen trying to use Complex Types in MultiValue Picker on the Aria for Automation Custom Form. Environment VMware vRealize Automation 8.x Cause This issue has been identified where the problem appears when a single column Multi Value Picker or Data Grid is used. Resolution This is a known issue. There is a workaround.  Workaround: As a workaround, try adding one empty column in the Multivalue picker without filling the options. So we can add one more column without filling the value which will be hidden(there is a button in the designer page that will hide the column). This way the end user will receive the same view.  
Post a Comment
Read more

57 Tips Every Admin Should Know

Active Directory 1. To quickly list all the groups in your domain, with members, run this command: dsquery group -limit 0 | dsget group -members –expand 2. To find all users whose accounts are set to have a non-expiring password, run this command: dsquery * domainroot -filter “(&(objectcategory=person)(objectclass=user)(lockoutTime=*))” -limit 0 3. To list all the FSMO role holders in your forest, run this command: netdom query fsmo 4. To refresh group policy settings, run this command: gpupdate 5. To check Active Directory replication on a domain controller, run this command: repadmin /replsummary 6. To force replication from a domain controller without having to go through to Active Directory Sites and Services, run this command: repadmin /syncall 7. To see what server authenticated you (or if you logged on with cached credentials) you can run either of these commands: set l echo %logonserver% 8. To see what account you are logged on as, run this command: ...
Post a Comment
Read more
  The Guardrails of Automation VMware Cloud Foundation (VCF) 9.0 has redefined private cloud automation. With full-stack automation powered by Ansible and orchestrated through vRealize Orchestrator (vRO), and version-controlled deployments driven by GitOps and CI/CD pipelines, teams can build infrastructure faster than ever. But automation without guardrails is a recipe for risk Enter RBAC and policy enforcement. This third and final installment in our automation series focuses on how to secure and govern multi-tenant environments in VCF 9.0 with role-based access control (RBAC) and layered identity management. VCF’s IAM Foundation VCF 9.x integrates tightly with enterprise identity providers, enabling organizations to define and assign roles using existing Active Directory (AD) groups. With its persona-based access model, administrators can enforce strict boundaries across compute, storage, and networking resources: Personas : Global Admin, Tenant Admin, Contributor, Viewer Projec...
Post a Comment
Read more