6 Replies Latest reply on Dec 11, 2017 6:20 AM by jasnyder

    vRA 7.3 - Ansible Integration

    cloudjk Lurker

      I'm fairly new to vRealize Automation Platform. I'm curious If any community members have done this vRA/vRO -> Ansible - HTTPS REST API to invoke a playbook after a successful VM creation. Need some guidance on how to achieve this goal. Appreciate any feedback. I do know there's a third party plugin for ansible but I'm looking to perform this without third party plugin. Thanks

        • 1. Re: vRA 7.3 - Ansible Integration
          jasnyder Expert
          vExpert

          I haven't done this specific thing before, but the question is around provisioning a VM and then calling out to a third-party REST API to kick off the playbook to configure the VM that just got configured, correct?  Do you need to call to a Tower server or a different REST API that would then invoke the playbook?

           

          In any case, the flow would look like this, if the above goal is correct:

          1. vRA Catalog request submitted
          2. VM clone, customization, boot
          3. Call out to vRO workflow with some information about the VM
          4. vRO workflow calls out to third-party REST API to POST the collected information
          5. Third-party server takes the info and does some action with it
          6. (optional) vRO workflow waits pending completion or confirmation from third-party system (perhaps via a period call to the API to check on the status of a job).  This could also be performed by checking some condition within the VM that indicates a complete job.

           

          To do this, you would need to register the REST API endpoint and necessary methods with the vRO HTTP-REST plugin.  Once you have that configured, it would be a good idea to test those methods independently to make sure calling them from vRO works.

           

          Next you need to create the workflow that vRA will call to perform the REST callout.  This will accept an input of type properties to take VM properties from the provisioning operation.

           

          The blueprint needs to be updated with the custom property - Extensibility.Lifecycle.Properties.VMPSMasterWorkflow32.MachineProvisioned = *

          That will cause vRA to send the request and VM properties to the vRO workflow when it's called.

           

          Next you need to create an event subscription to call your workflow when the machine lifecycle state name = VMPSMasterWorkflow32.MachineProvisioned and the lifecycle state = POST.  You may also want to add an addition condition to match to the blueprint name so this only runs when a certain blueprint is requested, or another condition that makes sense for when to run it.

           

          OR Option 2 -

           

          All of the above is one possibility.  You might also consider if it's possible to make the callout from a script within the VM once provisioning is complete.  If that is possible, you could use software components to execute scripts on the VM that would do curl or some other CLI tool to callout to the API to invoke the necessary steps.  If you go this route, you can have the script take one or more properties as inputs from the user and use those inputs to make decisions or perform actions specific to the input.  In this case, you would also need to install the vRA guest agent (gugent) and the darwin bootstrap agent on the machine template backing the blueprint.  The agents are responsible for checking in with the vRA and IaaS servers for work items and scripts for software installs.  You could use this option to fetch playbooks from a remote repository and run them locally (not sure if that fits your need in this case).  Which playbook you fetch could be driven by user input (i.e. drop-down to choose a server type).

          1 person found this helpful
          • 2. Re: vRA 7.3 - Ansible Integration
            rstoker13 Enthusiast
            VMware Employees

            Great post jasnyder! We have vRA Advanced and have planned to test using almost exactly the same process as defined in your 'Option 1.' If the OP happens to be licensed for vRA Enterprise, the following blog may be of assistance: The vRA Guest Agent Ansible Integration – VMtoCloud.com

            • 3. Re: vRA 7.3 - Ansible Integration
              cloudjk Lurker

              Thanks a lot for the detailed workflow and steps!! Really appreciated! We are going to use Ansible Tower to call out. I assume option 1 would be the best approach. Also, I see in vRO as HTTP Rest not HTTPS Rest ? Do we need to upload any plugin to support HTTPS REST? Does anybody have any example of how to add a third party HTTPS REST in vRO?

              • 4. Re: vRA 7.3 - Ansible Integration
                jasnyder Expert
                vExpert

                Do we need to upload any plugin to support HTTPS REST?

                No, you will just specify the protocol and port in the host URL.  It will add the server's certificate to the trust store for you.

                 

                Does anybody have any example of how to add a third party HTTPS REST in vRO?

                Here's a quick tutorial using HTTPS to register the local vRO server as a REST host and enumerate and call workflows with it via API from itself.  The value of this particular example is basically null and void outside of showing how to configure a REST API using the plug-in.

                 

                Run the Add a REST host workflow:

                Enter the friendly name of the host and the connection info:

                 

                Choose the authentication type:

                Choose the session type (shared session = uses one credential as a service account; most likely this is the one you need), and enter the username and password.  If you choose per user, the currently logged in user's credential will get passed through.

                 

                Choose whether to use a proxy,  If yes, enter the proxy connection info.  If no, just continue:

                Choose whether to enforce proper x509 validation (i.e. common name matches dns name), and whether you need client certificate authentication (and provide the key if yes).

                After the host is successfully add, you need to add methods using the Add a REST operation workflow:

                 

                Select the host you just added.  Enter the template URL (variables are added by enclosing in braces).  And Select a method:

                 

                Test the method by running the Invoke a REST operation workflow:

                 

                Select the operation to call and enter params and headers as necessary:

                Review the result in the vRO logs (I can see that I got a massive JSON list back of all the workflows in vRO):

                 

                What if I want to get a specific vRO workflow by ID?  I need to add a new operation that goes to /workflows/{workflowId} by running the Add a REST Operation workflow again.  This time the input looks like this:

                 

                Now when I invoke that particular method, I want to get workflow with ID A18080808080808080808080808080808080808001299080088268176866967b3:

                The workflow presentation now gives me a second step to input the parameter values:

                Enter the ID of the workflow in parameter 1, and run the workflow:

                Turns out that workflow happens to be the Invoke a REST operation workflow, and the call to get the info on it returns this:

                What if we want to run a workflow?  Add another operation which is a POST to the /workflows/{workflowId}/executions URI:

                (If you prefer XML, you could put application/xml, but I don't recommend it unless your endpoint requires it)

                 

                Now we'll test the executeWorkflowWithId operation:

                This time, I'm providing an ID of a different workflow that takes a single input and outputs it to the log.

                You'll notice a third step here which is the POST body content.  I pasted this JSON in the content to specify the parameters to the workflow I'm calling with this operation:

                {

                  "parameters": [

                    {

                      "name": "input1",

                      "scope": "local",

                      "type": "string",

                      "value": {

                            "string": {

                                 "value": "test input via REST operation workflow call"

                            }

                      }

                    }

                  ]

                }

                 

                The final step looks like this:

                After hitting submit on that, I verify I get a 202 response:

                And go to check the workflow that I executed with this call:

                 

                Last thing is you can check the HTTP-REST hosts and operations in the inventory tab, just to make sure they got configured.

                • 5. Re: vRA 7.3 - Ansible Integration
                  cloudjk Lurker

                  Thanks a lot for your help guys!! Really appreciate it! I have another question on. How can we remove unnecessary workflows showing up under HTTP-Rest endpoint in vRO? I did couple of tests just for an experiment and would like to remove them and only keep required ones.

                  • 6. Re: vRA 7.3 - Ansible Integration
                    jasnyder Expert
                    vExpert

                    Use the Remove a rest operation workflow:

                    Select the operation from the inventory, and hit submit:

                    Similarly, you can remove a host using the Remove a REST host workflow.