Realize Orchestrator (vRO) is workflow engine that allows you to extend the capabilities of vRA Cloud services. It is used as integration endpoint between vRA Cloud services and other third parties running on-prem or in the cloud. vRO comes bundled with set of commonly used plugin's (vSphere, Active Directory, Power Shell, REST...) to help you automate your existing business processes. For example one common scenario could be on-boarding of new employee. In such case usually there is set of resources that need to be provision and often an approval is required for them. Will concentrate on the approvals part and implement "Custom Approval policy" using vRO and popular issue tracking system "JIRA".
User requests a machine. Before machine is provisioned approval need to be granted.
- vRA Cloud account
- vRO 7.6 SaaS registered in vRA Cloud Configure vRealize Orchestrator integration in Cloud Assembly
- Access to JIRA Server with permissions to create project.
- User logins in vRA Cloud and requests a machine.
- JIRA ticket is created and assigned to authorized party.
- If JIRA ticket is APPROVED then proceed with the request
- if JIRA ticket is REJECTED machine request is also rejected.
Create blocking subscription "Wait for Approval" and attach it to "Compute Allocate" phase. When subscription is triggered it will invoke a vRO workflow "Wait for approval" to create JIRA ticket and assign it for approval. vRO workflow "Wait for approval" will wait for JIRA ticket status to reach "APPROVED" or "REJECTED" state before unblocking the deployment.
For the impatient
- JIRA Create test JIRA project. Make sure to use "Process Management" template and project key is "VRO"
- VRO Import com.vmware.jira.approval.package.
- VRO Add vRO REST Endpoint "Approvals JIRA" using "Library→ HTTP-REST→Add a Rest host" workflow pointing to your JIRA Server.
- VRO Edit Configuration "com→ vmware→ Jira→ JiraApprovalConfiguration"
- Set jiraHost to "Approvals JIRA" REST host
- Update jiraProjectKey to match your JIRA project key.
- VRA CLOUD Create Extensibility Subscription "Wait for approval"
- Event Topic is "Compute Allocate".
- Runable Item is set to vRO Workflow - "Wait for approval"
- Blocking is enabled
- VRA CLOUD Set Projects→Your Project→Provisioning->Request Timeout
- Test it!
- VRA CLOUD Request a machine deployment
- JIRA Check Jira project for the approval issue and Approve it or Reject it!
- VRA CLOUD Check the status of your deployment.
JIRA Action is performed inside JIRA server
VRO Action is performed inside vRO server
VRA CLOUD CLOUD Action is performed inside vRA Cloud
Approvals Configuration & Demo ...
Continue reading for more detailed look at the solution...
JIRA has nice REST API and vRO already comes bundled with REST plugin so let's use it!First step is to create new JIRA project for the approvals demo. I choose to use "Process Management" template since it comes out of the box with default JIRA server installation and correspond well with our use case. It has "APPROVED" and "REJECTED" status in default workflow. If you choose to use different template make sure to update "JiraApprovalConfiguration" accordingly.
Once we already have JIRA project to work with next step is to add JIRA server as vRO REST Endpoint. This enables vRO Server communication with JIRA server and we will use it to create new issues and track their status.
Inside vRO Client navigate to "Library→ HTTP-REST→Add a Rest host" workflow and run it.
Provided Name, URL, authentication method and credentials valid for your JIRA server. I am using local JIRA server with Basic authentication which makes the task trivial.
After "Add a Rest host" completes successfully you should be able to see new REST endpoint (in my case I named it "Approvals JIRA") under HTTP REST plugin inventory.
4.1. Approvals package
We will need couple of workflows and actions to complete the integration with JIRA.
In vRO Client navigate to Packages view and import package com.vmware.jira.approval.package.
Lets take a closer look at package content.
- createJiraIssue - Performs actual POST request to JIRA server to create new issue.
- getIssue - Contacts JIRA server and returns details for specific issue. Used for Issue status tracking.
- dumpProperties - Print incoming vRO inputs
- "Wait for approval" - Entry point of our integration. When invoked it will create JIRA issue and start waiting till issue reach REJECTED or APPROVED state.
- "JIRA - Wait on issue status" - Helper workflow to wait till Jira issue reaches specified state..
- createIssue.json - JSON template for create issue POST request to JIRA server.
- JiraApprovalConfiguration - Environment specific properties for Approvals integration.
Till now we have a project created in JIRA, required com.vmware.jira.approval.package imported in vRO and a REST endpoint "Approvals JIRA" created.
To link them together we will need to edit "JiraApprovalConfiguration" configuration element deployed with com.vmware.jira.approval.package.
- jiraHost - REST host for communication with JIRA server
- jiraProjectKey - Key of the Pproject in Jira where issues tracking the approvals will be created
- jiraIssueType - Type of the issue tracking the approval. Defaults to "Task".
- jiraIssueRejectedState - Jira issue status which corresponds to Rejected state for the request. When Jira issue status changes to this state request will be rejected. Defaults to "Rejected"
- jiraIssueApprovedState - Configures Jira status which corresponds to Approved state for the request. When Jira issue status changes to this state request will be rejected. Defaults to "Approved"
If you have used the recommended Jira Project template - "Process Management" and project key "VRO" only required change is to set "jiraHost".
vRA Cloud Subscription
Now we need to make vRA Cloud services aware of our "Wait for approvals" workflow.
To do so login vRA Cloud and create a Extensibility Subscription "Wait for approval".
Make sure to set
- Event Topic is "Compute Allocate".
- Runnable item is set to vRO Workflow - "Wait for approval"
- Blocking is enabled
Last configuration change needed is to set "Request Timeout" for your Project in vRA Cloud.
If this project team is deploying blueprints that need more than 2 hours to provision, you can specify an extended period before the deployment fails.
If both the blueprint and the project include timeout values, the largest value takes precedence.
And finally we are ready to test our solution...
Request new blueprint deployment. Once it reaches allocation phase check new JIRA issue should be created and waiting to get approved...
No need to hurry deployment will stay in allocation phase till JIRA issue is Approved or Rejected...
You can also check vRO. There should be new run of "Wait for approval" tracking the status of newly created JIRA ...
Now let's check what happens if we approve it.
Open the issue and update it's states to Approved ("Start Progress"→ "Under Review"→"Approved")
In a while "Wait for Approval" run in vRO should be marked as completed and you should see deployment progressing into "CREATE_IN_PROGRESS"
Video capturing the configuration & test steps is also available
Hope it helps!