VMware Cloud Community
jroeser114
Contributor
Contributor

vRealize Orchestrator self service portal for end users

I am new to Orchestrator so forgive the "rookie" question.  I know in earlier version of Orchestrator they had "weboperator" as a way to present workflows to end users.  I am currently on version 7.3  I would like to know if 7.3 offers something like this or if they have a built in web portal to present workflows to for end user assistance?  Or do you have to build the site yourself?  Looking for suggestions on how to give remote administrators access to items without giving them access in vSphere.  I dont want them in that environment but would like to give them options for spinning up VM's with a workflow.

Thoughts?

15 Replies
ericr999
Enthusiast
Enthusiast

Hello,

From what I've learned the webview has been removed. In here we have developped our one Web Portal that connects to the REST Interface of VRO. Its not was perfect as it would be with VRA, but its good enough for the team for now.

And we have developped some workflows that help the users/admins to launch some specific workflows via the web portal we built. And we developped something(with the web portal) that we can easily create a new workflow and import its wfid into the web portal and make it available to the end users when we are ready.

So far we are happy with the result.

gkostova
VMware Employee
VMware Employee

Hi,

Yes, you are right. The web operator has beed removed a long time ago. Do you use vRA in combination with vRO or just vSphere? In vRA you can use XAAS to execute vRO workflows through vRA requests.

Reply
0 Kudos
bhupathysav
Contributor
Contributor

Hi Eric,

Could share the documents or design for your self service portal. We are looking for the same but facing lot issue(REST and php) for setting up Please  your documents may help us to setup. 

Regards,

Mani.

ericr999
Enthusiast
Enthusiast

Hi gkostova,

Well... actually we just found out that we have a lot of vRA licenses unused... but vRA hasn't been installed yet! So anyway, long story short, We are only using our Custom Web Portal with vRO. All calls to vRO are made through REST, but we have some limitations, since we can't really display objects in the web portal, like vcVm, or vcPortgroup and such, which should be easy with vRA.

I'm pushing to get vRA, but our WebPortal is so far advanced with super custom stuff, like approbations, webforms for other teams, etc. Some of these features could be done with vRA but others, impossible to implement in vRA from what I know so far. But don't have enough time to dig into vRA.

ericr999
Enthusiast
Enthusiast

Hi bupathysav,

I would love to share my documentation. But sadly the company won't allow it. But I can try to answer your questions as best as possible. And can link you to pointers.

Have you read the REST documentation provided by VRO in your server ? (https://server:8281/vco/api/docs/index.html )

In our web portal, we have managed to use the presentation controller to retrieve the input elements and create a webpage based on these elements. That was done by the php dev guy.

And once we are ready the web portal will call the VRO instance using the executions controller (https://server:8281/vco/api/docs/index.html#!/execution-controller/startWorkflowExecutionUsingPOST_1 )

What's the issues you have ?

Regards,

bhupathysav
Contributor
Contributor

Thanks for your prompt response, really impressed, since I am trying this for last several months I feel now I got the right expertise to help on this.

Find the challenge below what I am facing with the self-service portal. I would need your suggestions and guidance on this.

As a starting point, we picked up the task of upgrading ‘RAM’ of a virtual machine via self-service portal using REST API. Attached the code sample that is created. Language/Library used are PHP, AJAX, and HTML, HTTPFUL.phar.   

  1. The HTML pages reside on a Linux ‘Web Server’ (vmram.html, jquery-3.2.1.min.js, vRAM.php)
  2. The inputs (VMNAME and RAM Size) are provided in the HTML page, which is passed to .php file via ‘POST’ method.
  3. Through API call, The VMNAME is searching in the VCenter that are added to vRO and respective ‘vm-id’ is retrieved.
  4. The ‘vm-id’ retrieved in ‘Step 3’ is used as an input to ‘JSON’ Call which modifies the ‘RAM size’ to the updated value.

Note: The .php files contain VRO server information that invokes the respective work-flow (Modify RAM).

We would like to know, does the similar approach can be implemented in the production environment and continue working on automating other vCenter related tasks or can this be done in a better way?

As you suggested in the above response, how the above RAM Modify tasks can be achieved with the help of presentation controller and executions controller?

Note: As per the current approach a separate .php file need to be created for each vCenter related tasks that need to be automated.

ericr999
Enthusiast
Enthusiast

Ah I see, you are trying to pass the vsphere object directly from php ? Is that what's causing your issue ?

On our end we haven't done that, we actually did something similar for changing RAM/CPU of a VM, sorry its in french. But anyway basically, the vmName, cpu, ramGB, ownerEmail is all displayed in our web portal, and all this is retrieved via the presentation controller. And all these inputs, are just strings, we wanted to simplify the data entry in the portal, and we want to make sure that whatever technology is used in the web portal we can switch to another language and don't have to find a library to manage vCenter objects, because I'm sure in your php code you must have a library to use the vcVm object right ? So all our inputs are strings, then, once the workflow is started

pastedImage_0.png

pastedImage_1.png

So everytime we have to run a workflow against a vm, we search through all the vcenters get the vcVm object then input it for other actions/workflows, if we find more than one vm with the name we are looking for, we fail.

Otherwise everything is good, we proceed with the ajustement if the vm.

bhupathysav
Contributor
Contributor

Hi Eric,

Thanks for your reply, May I know how you are posting the inputs via Presentation Controler from Web portal.  Please help us to understand in detail. we are unable to progress further.

awaiting for your response.  I have shared my email id below.

Regards,

Bhupathysav.

Bhupathysav@gmail.com

Reply
0 Kudos
ericr999
Enthusiast
Enthusiast

Well in the webpage, the php guy developped a page that will gater details from the Presentation controller(https://server:8281/vco/api/docs/index.html#!/presentation-controller/getPresentationForUsingGET_1 ) and it will pull input values and create a form based on the values that he gets from the GET. The form looks like this:

pastedImage_0.png

So the, once the fields are filled out the user clicks on the Send, it will call the API at the URL:

https://server:8281/api/workflows/{workflowId}/executions

do a POST and send the values in the body of the post:

https://server:8281/vco/api/docs/index.html#!/execution-controller/startWorkflowExecutionUsingPOST_1

And boom the workflows is started, I then used the received values search for the vmName, retrieve the vcVm object and use it for the workflow.

Let me know if this helps you out.

So far I haven't found a better way to do this. But this way its super simple and I don't need to maintain a library that would connect to the vCenter. But doing a search every time has been a very good option for us.

Reply
0 Kudos
bhupathysav
Contributor
Contributor

Hi Eric.

Thanks for your reply, May I know the reason why the portal has workflow ID? Please refer the screenshot.

Also please clarify do have seprate .php file for each workflow?

Are invoking the workflow through curl or HTTPFUL or any other?

How to solution with multiple vRO instances and how the authentication can handled from the vRO?

Sorry for bugging more on this, the above queries will make us to understand more on the deployment.

pastedImage_0.png

Reply
0 Kudos
ericr999
Enthusiast
Enthusiast

Hi buhpatysav,

No problem, ask all you questions! Its a great way for me to share my experience.

The dev guy responsible for the website, did a import website for importing workflows into the database.

Once imported you can see all workflows and their id. It looks like this, so only 1 php page that will get the info from the database and then run the workflow associated.

pastedImage_0.png

That way, I'm not dependent on the web guy, I can create workflows without his help and add them to the page.

If I want to add a workflow manually, or import all of them based on a specific directory that he has hardcoded on his side.

If I add a Workflow manually, I can grab it from anywhere in my structure of directories.

pastedImage_1.png

If I import it manually it looks like this:

pastedImage_2.png

I fill in the Workflow ID, click on validate it will gather the info in the presentation like the name and description, if its the right workflow, I will then link that workflow to a group in our webportal so specific group can run it. And users will see workflows associated for their group only and not other workflows unrelated to them. I can also activate or deactivate a workflow for end users.

When we click on run in the website, not sure how the dev guy did that part. I would have to ask. But now they have changed from php to .NET(long story!!), but I believe they are using a library to do that.

Multiple vro Instance, well our servers are in a cluster active/passive with a BIG-IP LoadBalancer in front. I don't run in active/active for the only reason that the log files are not shared through all VRO servers.

Let me know if you have any other questions.

Reply
0 Kudos
bhupathysav
Contributor
Contributor

Hi Eric,

Thanks for your update,

We tried to executing the vRAM upgrade workflow by using XML(body) via REST client add-on from Mozilla. Here the challenge we have is, the part of XML body highlighted will vary depending on the type of workflow(E.g. Datastore Add, modify and DRS config etc). We would like to know, how can we create dynamic XML body for each workflow by avoiding use of multiple .PHP file? or any other alternate method if any.

As you suggested, we were able to retrieve the input parameter for each workflow by using the presentation controller, however we are unable to relate(understand) with dynamic creation of the HTML pages by using the Input-parameter and XML body to POST VRO workflow.

Workflow XML Body.

+++++++++++++++++++++++++++++++++++++++++++   
<execution-context xmlns="http://www.vmware.com/vco">

< parameters>
<parameter description="New memory value" type="number" name="memory">
< number>2048</number>
< /parameter>
< parameter description="VM Name" type="string" name="VMName">
< string>Linux</string>
< /parameter>
< /parameters>
< /execution-context>

https://10.190.155.25:8281/vco/api/workflows/c69014bd-c3b2-4b06-b861-f3e08c98c1aa/executionshttps://...

+++++++++++++++++++++++++++++++++++++++++++++++

Shall we have call if possible to discuss and understand more, please try to spare some time with us to move forward.

Thanks,

bhupathysav

Reply
0 Kudos
ericr999
Enthusiast
Enthusiast

Hi bhupathysav,

Sorry for the delay. Had a lot to do lately.

Have you been able to make it work ?

For the xml body of each workflow, I honestly don't know that was done by another team. And that team is no longer using php for our web portal we have migrated to .NET.

But my guess is they are gathering the info from the presentation controller, once that's done they parse through the values required, and they create dynamically the page, input variable after another. But how they do it I really don't know.

Let me know if you have any other questions.

Reply
0 Kudos
bhupathysav
Contributor
Contributor

Hi Eric, 

THanks for guidance, we couldn't get the above query and we working on it. in the meantime, as the organization has directed us to use the JavaScript(JS) to invoke the Work Flow. In that, we are unable to authenticate service account against vRO.  The vRO authentication has integrated with AD(LDAP). while invoking the WF we are getting the error code 401: Unauthorised  (401 full authentications required to access the resource. attached the html and JS code with this. Any pointers? 

JS script

<!DOCTYPE html>

<html>

<head>

        <title>Open console and type testwebclient2()</title>

</head>

<body>

<h1>Open console and type <code>testwebclient2()</code></h1>

<script src="js/jquery.min.js"></script>

 

<script type="text/javascript">

        function testwebclient2(){

var vmname = 'Linux';

var RAM = 2;

var CPU = 8;

 

var usr = 'user.name@domain.com';

var pwd = '*******';

var vroServer = '10.xx.xx.06:8281';

// URL for the request

 

var wfid = 'f3d58869-3a4c-4a26-8841-30b0dc6ab6f3';

// URL for the request

var workflow_invoke_url = "https://"+vroServer+"/vco/api/workflows/"+wfid+"/executions";

 

var vRO_Request_Data = '{"parameters": [{"value":{"number": {"value": "'+RAM+'"}},"type": "number","name": "memory","scope": vmname+'"}},"type": "string","name": "VMname","scope": "local"},{"value":{"numbe

 

 

function success(data, textStatus, jqXHR){

                console.log('result for post request',data, textStatus, jqXHR);

                getData();

        }

 

$.ajax({

          type: "POST",

          url: workflow_invoke_url,

          data: vRO_Request_Data,

          success: success,

          dataType: 'application/json',

          headers: {

            "Authorization": "Basic " +  btoa(usr + ":" + pwd)

          },

        });

 

        }

</script>

</body>

</html>

*********************************************************************************

 

Thanks and regards,

Bhupathysav

Reply
0 Kudos
ericr999
Enthusiast
Enthusiast

Nice, you are getting closer!

Make sure you have the right permissions set on the folders or workflows you want to run.

pastedImage_0.png

And that group we created it in the vsphere tenant for the authentification.

And the user used to trigger the execution is in the AD and was added to that VROSCCM group in the PSC.

But if you are getting a 401, is actually a good thing.

Guess you already double checked, but make sure the password is good, and the username it should work if you use in the format username@yourad.fqdn.local, not the domain of the vsphere tenant.

Have you tried making it work with a RESTClient in Firefox for exemple ? That helped me a lot.

Thanks!

Reply
0 Kudos