Our app team has requested a workflow that will add a CNAME into DNS for dev boxes. In and of itself this is pretty easy to do. I also decided that it should have a lease so the CNAMES can be cleaned up every 30 days unless extended. Has anyone came across something like this before?
If I am understanding your question correctly. Your looking for a second day type of workflow that will update your DNS platform with cnames of the dev boxes. Is that correct? I have alot of 2nd day operations tasks like that but I am not quite sure what exactly you are looking for.
As part of our provisioning process we add the new VM to our IPAM solution. There are times in which our dev team would like to create a CNAME entry as well. I want to keep the request for a CNAME as a separate request. I also want to have a lease for this request so it will be removed from IPAM when its no longer needed. Since this would be nothing except a script I'm not sure how or if its possible.
XaaS items have no concept of an expiration action associated with them, and there's really not framework to do so. The best thing I can think of would be for a new deployment XaaS to simultaneously set up a scheduled vRO workflow which serves as the delete operation.
XaaS is going to be your friend here. Once you have the workflow to create and another workflow to remove the dns entries working the way you want then you create two new XaaS blueprints for these workflow and present as a catalog item in vRA. Does that sound like what you are looking for?
I was down a similar path. I don't know if the delete after 30 days would work though. I can see the developers forgetting that the CNAME is going away and publishing it for consumption.
Gotcha and this is something I have put in place to deal with something similar. I have two workflows, one is a decom that has a "scream test" so the process runs and established the date it should end ( 5 business days) and creates a scheduled task to finish the decom at that time.
The second workflow creates a temp admin account on the ESXi hosts directly and following the same pattern the workflow creates a scheduled task to remove the account 24 hours later
That's what I plan to do. Just need to get everyone to sign off that they know the CNAME request will be whacked in 30 days with no notification. Well, I supposed I can send an automated email letting them know it happened.
ok lets take the remove CNAME process a tab bit further. Once you have the remove XaaS imported and configured you could create a approval policy for the removal and make the owner or the support group the approvers. Add the end of the 30 days the remove catalog item is lauched and the user and approve the delete or reject if they still need it and schedule the task to launch again in x amount of time.
Now to use the approval policy in this way you are going to need to use the vRA API to launch the catalog item and not just the workflow on the orchestrator appliance.
Hows that sound?
Sounds like I need to dig into the API. I haven't done that yet.
check this out.... vRA API Samples