Jan 09

vCAC & vCO a marriage made in the clouds – Part 2

After a long holiday season it’s officially time to get back at it and I thought no better time than the present. So here we go into Part 2 which will focus on configuring the connections between vCO and some useful components. If you haven’t reviewed Part 1 feel free to follow the link below.

Part 1: vCAC and vCO – Configuration
Part 2: vCO -> Powershell, vCenter, and AD
Part 3: Automating a state change
Part 4: Automating a menu action

The process in this post will start with the Powershell host, then vCenter, and finally Active Directory. Once these are configured you will be able to associate actions or state changes from vCAC in Part 3 and 4.

Let’s jump right in!
Before we log into the vCO client there are a few steps you will need to execute on your vCAC Appliance and whatever host you plan to use as your Powershell host. I personally use the vCAC IaaS (windows) host as the Powershell host.

**Important note pointed out by a couple of my fellow team members there is a chance that the powershell/winrm setup may fail if the firewall on your host is disabled. See these two kb articles

http://support.microsoft.com/kb/2004640

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2070228

First log into your Window Powershell host and download this script.

set-executionpolicy unrestricted

cd to the directory where you downloaded the script above and run .winrm.ps1
1 Run winrmps1

Now test that the commands opened up the winrm access to the host.
winrm id -r:hostname.fqdn -a:Kerberos -u:userid@fqdn -p:password
Which will give you these results if successful.
2 Test Powershell Host

Next you need to log into the vCAC appliance either via console or through SSH with root. Edit the krb5.conf file by executing the following. Click here for a link to download a generic example.
vi /etc/krb5.conf

THIS SCREEN IS AN EXAMPLE, CASE IS VERY IMPORTANT!!!
3 krb5conf on the vCAC appliance

Launch the vCO client
Vmware vcloud automation center appliance

Login in when prompted with administrator@vsphere.local account. You will then be greeted with the vCO home page. Make sure to select Run in the drop down and expand the tree until you get to “Add a Powershell host” -> Right click and Run or click the green run arrow. Add vCAC host workflow
4 Add a Powershell host

You will now be prompted with a workflow to configure the connectivity to the Powershell host. This workflow will prompt you for the following details

Step 1:

  • Name – This is simply what you want to call the Powershell host
  • Hostname – %hostname.FQDN%
  • Port – Leave blank

Step 2:

  • Remote Host Type – WinRM
  • Protocol – HTTP
  • Authentication – Kerberos

Step 3:

  • User – Should be user@FQDN
  • Password –

Step 1
5 hostIP config 1

Step 2
6 Typeprotocolmethod 1

Step 3
7 user and pass 1

This process will take a few moment, after which you will see the green check mark next to the workflow.
8 Complete 1

Now expand the tree until you get to “Add a vCenter” -> Right click and Run or click the green run arrow. Add vCAC host workflow
9 Add a vCenter Server 1

You will now be prompted with a workflow to configure the connectivity to the vCenter Server. This workflow will prompt you for the following details

Step 1:

  • vCenter Instance – This should be the host.fqdn of your vCenter Instance (you can add multiple)
  • Port – Should be 443
  • Location of sdk – /sdk

Step 2:

  • HTTP Port – Leave Blank
  • User – Username with administrative access
  • Password –

Step 1
10 hostportcert 1
Step 2
11 user and pass 1

This process will take a few moment, after which you will see the green check mark next to the workflow.
12 Complete 1

Now expand the tree until you get to “Configure Active Directory” -> Right click and Run or click the green run arrow. Add vCAC host workflow
13 Configure Active Directory 1

You will now be prompted with a workflow to configure the connectivity to the vCenter Server. This workflow will prompt you for the following details

Step 1:

  • AD controller – This should be the host.fqdn of your vCenter Instance (you can add multiple)
  • Port – Should be 389
  • Root – This should be in LDAP format
  • SSL – No unless required which will change the port above
  • Default Domain – FQDN

Step 2:

  • User – Username with administrative access should be in user@domain
  • Password –

Step 1
14 hostportdomain 1

Step 2
15 user and pass 1

This process will take a few moment, after which you will see the green check mark next to the workflow.
16 Complete 1

Congrats you are now capable of orchestrating any of these items. If you venture into the workflows you will see that there is almost nothing you can’t automate through orchestration. Stay tuned for Part 3 and 4 to see how we take that orchestration to the next level and offer it as a menu item or tie it directly to a provisioning stub.

gary.coburn

Pure technologist at heart, founder of Extendingclouds, and is considered to be a cloud expert in the IT field with over 15 years experience in Virtualization, Automation, and Cloud technologies. Gary Coburn started in the industry designing and implementing large scale enterprise server and desktop virtualization environments for a global manufacturing firm in West Michigan. Later went on to become a key pre-sales/post sales resource for a Regional SI. In Aug 2010 moved to VMware and have progressively moved from Michigan Enterprise SE, to Regional Specialist, and now a National Specialist
Gary has helped dozens of fortune 100 and 500 enterprises successfully adopt both private and public cloud strategies as part of their IT offerings. The result of which was large operational and capital savings for his customers. Gary continues to help large enterprise customers reach their hybrid cloud strategies at VMware. On Extendingclouds you will find exclusive content that will help you learn how to adopt a successful cloud strategy through the use of VMware Cloud Automation Center, Open Stack, and other industry recognized cloud solutions.

2 comments

    • Tim on October 20, 2016 at 3:42 pm
    • Reply

    The link to download the winrm script is no longer valid. Please assist in providing a good link.

    Thanks.

    1. Sorry about that https://www.dropbox.com/s/r1lyujguqvqv6a3/winrm.ps1?dl=0

Leave a Reply

Your email address will not be published.