Using the vRSLCM API to Deploy vRealize Automation (Cluster Deployment)
Published on 26 August 2022 by Christopher Lewis. Words: 2174. Reading Time: 11 mins.
In this post, we will look at how we can use the VMware vRealize Suite Lifecycle Manager (vRSLCM) API to deploy vRealize Automation (vRA) in a Cluster (three node) deployment configuration into an existing deployment of vRSLCM that has already been configured with a Global Environment that includes VMware Identity Manager (VIDM).
We are going to use cURL to make the API calls that complete the following operational tasks:
- Create an SSL Certificate for vRealize Automation
- Download the vRealize Automation OVA from MyVMware (AKA VMware Customer Connect).
- Create a new Environment and deploy VMware vRealize Automation 8.6.x (Cluster Deployment).
This post is a part of a series that covers how we can install, configure and manage the vRealize Suite using the vRSLCM API.
Note:
Typically, in a greenfield environment, we deploy vRA using the VMware vRealize Automation Easy Installer so that we deploy vRSLCM, VMware Identity Manager (VIDM) and vRA together. However, it is feasible that someone may already have a vRSLCM deployed with a Global Environment (globalenvironment) already configured if they have other vRealize Suite products deployed.
Prerequisites
The following prerequisites are required for this blog post:
- vRSLCM 8.6.x (or above) has been deployed successfully within the environment.
- vRSLCM local administrator (admin@local) credentials.
- The Global Environment (globalenvironment) has been configured within vRSLCM - see Using the vRSLCM API to Create the Global Environment with VMware Identity Manager (Cluster Deployment).
- All forward and reverse DNS entries for vRA appliances and VIPs have been configured.
- A Load Balancer has been configured following the recommended configuration for vRA.
Note:
Typically a Cluster Deployment (three node) of VIDM is used in conjunction with a Cluster Deployment (three node) of vRA. However, we can also use the vRSLCM API to deploy a globalenvironment with a single node VIDM, see Using the vRSLCM API to Create the Global Environment with VMware Identity Manager (Standard Deployment). This combination has not been tested as part of this blog series.
Walkthrough
Create an SSL Certificate for vRealize Automation
Overview
In this section we are going to use the vRSLCM API to create a self-signed certificate for the vRA Cluster deployment. Self-signed certificates can be easily generated and used during the installation of the vRealize Suite if no CA-signed certificate is available. If required, a CA-signed certificate can be generated later and used to replace the self-signed certificate using vRSLCM.
API Request
The following REST API request is required:
- Request Type: POST
- Request URL: https://{vrslcm.fqdn}/lcm/locker/api/v2/certificates
- Request Header(s):
  - Accept: application/json
  - Content-Type: application/json
  - Authorization: Basic {insert credential hash}
- Request Body Values:
  - alias - the user friendly name for the certificate in the UI.
  - cN - the FQDN of the VIP, such as vra.thecloudxpert.local.
  - ip - (OPTIONAL) a list of IP addresses that should be included in the certificate.
  - host - a list of the FQDNs of each host that should be included in the certificate.
  - oU - the Organizational Unit value for the SSL certificate.
  - size - the Key Length of the certificate, either 2048 or 4096.
  - o - the Organization value for the SSL certificate.
  - l - the Location value for the SSL certificate.
  - sT - the State value for the SSL certificate.
  - c - the Country Code value for the SSL certificate.
Note:
It is a strong recommendation not to include IP addresses in SSL Certificates unless strictly necessary because it removes the flexibility of easily changing IP addresses of appliances.
API Example
An example cURL command for this REST API is:
curl --location --request POST 'https://{vrslcm.fqdn}/lcm/locker/api/v2/certificates' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic {admin@local credential hash}' \
--data-raw '{
"alias": "vRealize Automation",
"cN": "vra.thecloudxpert.local",
"ip": [],
"host": [
"vra1.thecloudxpert.local",
"vra2.thecloudxpert.local",
"vra3.thecloudxpert.local"
],
"oU": "thecloudxpert",
"size": "2048",
"o": "thecloudxpert",
"l": "London",
"sT": "United Kingdom",
"c": "GB"
}'
Note:
The --insecure flag is also required in the cURL command if you are using self-signed SSL certificates.
API Response
The response returned from a successful request (Status Code=200 OK) will be something like:
{
"alias": "VMware vRealize Automation",
"key": "{privateKey}",
"certChain": "{chainCert}",
"leafCert": "{leafCert}",
"validations": [],
"validity": {
"period": "1 year, 11 months and 28 days",
"expiresOn": "2024-05-28T11:40:48.000+0000",
"issuedOn": "2022-05-29T11:40:48.000+0000",
"healthy": true
},
"certInfo": {
"subject": "CN=vra.thecloudxpert.local,OU=thecloudxpert,O=thecloudxpert,L=London,ST=United Kingdom,C=GB",
"issuer": "CN=vRealize Suite Lifecycle Manager Locker CA,O=VMware,C=IN",
"san": "DNS: vra.thecloudxpert.local, DNS: vra1.thecloudxpert.local, DNS: vra2.thecloudxpert.local, DNS: vra3.thecloudxpert.local",
"algorithm": "SHA256WITHRSA",
"keyAlgorithm": "RSA",
"keyLength": 2048,
"sha256": "{sha256 fingerprint}",
"sha1": "{sha1 fingerprint}"
}
}
For more information on Managing SSL Certificates in vRSLCM, see Using the vRealize Suite Lifecycle Manager (vRSLCM) API for vRSLCM Day 2 Operations - Managing SSL certificates.
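Before the certificate is referenced in a deployment, it is worth confirming that the response actually covers the VIP and every node. The following check is an added example, not code from the original post; it parses the `certInfo.san` string in the response format shown above, and the function names and the 30-day threshold are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the response shown above, trimmed to the fields checked here.
SAMPLE_RESPONSE = json.loads("""{
  "validity": {"expiresOn": "2024-05-28T11:40:48.000+0000", "healthy": true},
  "certInfo": {
    "san": "DNS: vra.thecloudxpert.local, DNS: vra1.thecloudxpert.local, DNS: vra2.thecloudxpert.local, DNS: vra3.thecloudxpert.local",
    "keyLength": 2048
  }
}""")

# The VIP and node names from the request body above.
REQUIRED_NAMES = ["vra.thecloudxpert.local", "vra1.thecloudxpert.local",
                  "vra2.thecloudxpert.local", "vra3.thecloudxpert.local"]


def san_dns_names(san):
    """Turn the 'DNS: a, DNS: b' string in certInfo.san into a set of names."""
    names = set()
    for entry in san.split(","):
        kind, _, value = entry.strip().partition(":")
        if kind.strip().upper() == "DNS" and value.strip():
            names.add(value.strip().lower())
    return names


def check_certificate(response, required_names, now, min_days=30, min_bits=2048):
    """Return a list of findings; an empty list means the certificate is usable."""
    findings = []
    info, validity = response["certInfo"], response["validity"]
    missing = {name.lower() for name in required_names} - san_dns_names(info["san"])
    if missing:
        findings.append("SAN is missing: " + ", ".join(sorted(missing)))
    if int(info["keyLength"]) < min_bits:
        findings.append(f"key length {info['keyLength']} is below {min_bits} bits")
    expires = datetime.strptime(validity["expiresOn"], "%Y-%m-%dT%H:%M:%S.%f%z")
    days_left = (expires - now).days
    if days_left < min_days:
        findings.append(f"expires in {days_left} days ({validity['expiresOn']})")
    if not validity.get("healthy", False):
        findings.append("vRSLCM reports the certificate as not healthy")
    return findings


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for finding in check_certificate(SAMPLE_RESPONSE, REQUIRED_NAMES, now) or ["OK"]:
        print(finding)
```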
Download the vRealize Automation OVA from MyVMware
Overview
In this section we are going to be using an API request to download the vRealize Automation installation Product Binaries (OVA) from My VMware (AKA Customer Connect) to the vRSLCM appliance.
POST API Request
The following REST API request is required:
- Request Type: POST
- Request URL: https://{vrslcm.fqdn}/lcm/lcops/api/v2/settings/my-vmware/product-binaries/download
- Request Header(s):
  - Accept: application/json
  - Content-Type: application/json
  - Authorization: Basic {insert credential hash}
- Request Body Values:
  - productId - The ID (or shortcode) for the specific product, in this instance we are going to be using vra.
  - productName - The Name for the specific product, in this instance we are going to be using VMware vRealize Automation.
  - productVersion - The supported Version of the product, in this instance we are going to be using 8.6.0.
  - productBinaryType - The Binary Type, in this instance we are going to be using Install.
  - productBinaryPath - This should be set to null when downloading from My VMware.
  - componentName - This should be set to null when downloading from My VMware.
  - mappingType - This should be set to null when downloading from My VMware.
  - requestId - This should be set to null as it is generated as part of the API request.
  - removeBinary - This should be set to null when downloading from My VMware.
API Example
An example cURL command for this REST API is:
curl --location --request POST 'https://{vrslcm.fqdn}/lcm/lcops/api/v2/settings/my-vmware/product-binaries/download' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic {admin@local credential hash}' \
--data-raw '[
{
"productId": "vra",
"productVersion": "8.6.0",
"productBinaryType": "Install",
"productBinaryPath": null,
"componentName": null,
"mappingType": null,
"productName": "VMware vRealize Automation",
"requestId": null,
"removeBinary": null
}
]'
Note:
The --insecure flag is also required in the cURL command if you are using self-signed SSL certificates.
API Response
When submitting that request, a request is created and the API response should be a request ID for you to track. Something similar to:
{
"requestId": "68ad91d7-8df5-4316-8a05-46d0875437dc"
}
Remember we can track the progress of requests via the API too! Check out Using the vRealize Suite Lifecycle Manager (vRSLCM) API to track vRSLCM Requests for more information!
Create a new Environment and deploy VMware vRealize Automation 8.6.x (Cluster Deployment)
Overview
We are going to use API calls to create a new vRSLCM Environment and deploy vRealize Automation in a cluster deployment (three node) configuration. As we can see, there is a lot of information required within the REST API body. This is because we are, essentially, creating an answer file for the deployment wizard we would be stepping through if we did this via the UI.
API Request
The following REST API request is required:
- Request Type: POST
- Request URL: https://{vrslcm.fqdn}/lcm/lcops/api/v2/environments
- Request Header(s):
  - Accept: application/json
  - Content-Type: application/json
  - Authorization: Basic {admin@local credential hash}
- Request Body Values:
  - environmentName - the friendly name of the environment when seen in the vRSLCM UI.
  - Infrastructure:
    - Properties:
      - dataCenterVmid - the target datacenter vmid in vRSLCM, see Using the vRealize Suite Lifecycle Manager (vRSLCM) API for vRSLCM Day 2 Operations - Managing Datacenters
      - vCenterName - the user friendly name of the vCenter Server.
      - vCenterHost - the FQDN of the vCenter Server.
      - vcUsername - the vCenter username that has been assigned a role with sufficient privileges in vCenter Server.
      - vcPassword - the password for the vCenter username. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password.
      - acceptEULA - a boolean value to accept the EULA.
      - enableTelemetry - a boolean value to accept / deny the Customer Experience Improvement Program (CEIP).
      - defaultPassword - the default password for the deployment. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password.
      - certificate - the default certificate for the deployment. This can be specified as a certificate stored in vRSLCM locker (using the format locker:certificate:{vmid}:{alias}).
      - cluster - the datacenter & cluster where the appliances will be installed (using the format {datacenter}#{cluster}).
      - storage - the name of the target datastore.
      - diskMode - The decision on whether to provision using thick or thin disks.
      - network - The name of the virtual switch port group for the network interface.
      - dns - A comma delimited list of DNS server IP Addresses.
      - domain - The DNS Domain for the virtual machine.
      - gateway - The IPv4 Gateway address for the vIDM network interface.
      - netmask - The IPv4 Subnet Mask (such as 255.255.255.0).
      - searchpath - A comma separated list of the DNS Search domains.
      - timeSyncMode - This is either host or ntp. If we choose ntp then we also need to provide the FQDN or IPv4 address of the NTP servers in the ntp key/value pair.
  - Products:
    - id - The short code for the vRealize Suite product being installed. In this instance we are using vra.
    - version - The version of the vRealize Suite product being installed. In this instance we are using 8.6.0 but it could be anything up to the latest version depending on what is supported in the vRSLCM we are running.
    - Properties:
      - certificate - The certificate for the deployment. This can be specified as a certificate stored in vRSLCM locker (using the format locker:certificate:{vmid}:{alias}).
      - productPassword - The default password for VRA. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password.
      - nodeSize - The size of the VIDM node(s) to be deployed. This is a value of medium or xlarge. A value of large is recommended for vRealize Automation deployments.
      - fipsMode - A boolean value on whether Federal Information Processing Standard (FIPS) should be enabled. Once enabled this cannot be disabled.
      - timeSyncMode - This is either host or ntp. If we choose ntp then we also need to provide the FQDN or IPv4 address of the NTP servers in the ntp key/value pair.
      - ntp - Assuming the timeSyncMode is set to ntp, this is the IP address/FQDN of the NTP servers.
      - licenseRef - The vRSLCM locker reference for the product license (using the format locker:license:{vmid}:{alias}).
    - ClusterVIP:
      - type - In a cluster deployment the node type is vra-va.
      - Properties:
        - hostName - The FQDN of the vRA VIP.
        - isLBSslTerminated - This setting decides whether the VIP has SSL termination enabled.
    - Nodes:
      - type - In a cluster deployment the first node is always of node type vrava-primary, subsequent nodes are classed as vrava-secondary.
      - Properties:
        - vmName - The friendly name for the vRA appliance in vCenter Server.
        - hostName - The FQDN of the vRA appliance.
        - ip - The IPv4 address of the vRA appliance.
API Example
An example cURL command for this REST API is:
curl --location --request POST 'https://{vrslcm.fqdn}/lcm/lcops/api/v2/environments' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic {admin@local credential hash}' \
--data-raw '{
"environmentId": "",
"environmentName": "Production",
"infrastructure": {
"properties": {
"dataCenterVmid": "{dataCenterVmid}",
"regionName": "",
"zoneName": "",
"vCenterName": "vcs01",
"vCenterHost": "vcs01.thecloudxpert.local",
"vcUsername": "{vcUsername}",
"vcPassword": "{vcPassword}",
"acceptEULA": "true",
"enableTelemetry": "false",
"defaultPassword": "locker:password:{vmid}:{alias}",
"certificate": "locker:certificate:{vmid}:{alias}",
"cluster": "{datacenter}#{cluster}",
"storage": "{vcDatastore}",
"folderName": "",
"resourcePool": "",
"diskMode": "thin",
"network": "{network}",
"masterVidmEnabled": "false",
"dns": "{dnsServer1},{dnsServer2}",
"domain": "thecloudxpert.local",
"gateway": "{ipv4Gateway}",
"netmask": "255.255.255.0",
"searchpath": "thecloudxpert.local",
"timeSyncMode": "ntp",
"ntp": "{ntpServer1},{ntpServer2}",
"isDhcp": "false"
}
},
"products": [
{
"id": "vra",
"version": "8.6.0",
"properties": {
"certificate": "locker:certificate:{vmid}:{alias}",
"contentLibraryItemId": "",
"productPassword": "locker:password:{vmid}:{alias}",
"nodeSize": "medium",
"vraK8ServiceCidr": "",
"vraK8ClusterCidr": "",
"fipsMode": "false",
"ntp": "{ntpServer1},{ntpServer2}",
"timeSyncMode": "ntp",
"licenseRef": "locker:license:{vmid}:{alias}"
},
"clusterVIP": {
"clusterVips": [
{
"type": "vra-va",
"properties": {
"hostName": "vra.thecloudxpert.local",
"isLBSslTerminated": "true"
}
}
]
},
"nodes": [
{
"type": "vrava-primary",
"properties": {
"vmName": "vra1",
"hostName": "vra1.thecloudxpert.local",
"ip": "{vmIpv4Address}"
}
},
{
"type": "vrava-secondary",
"properties": {
"vmName": "vra2",
"hostName": "vra2.thecloudxpert.local",
"ip": "{vmIpv4Address}"
}
},
{
"type": "vrava-secondary",
"properties": {
"vmName": "vra3",
"hostName": "vra3.thecloudxpert.local",
"ip": "{vmIpv4Address}"
}
}
]
}
]
}'
Note:
Remember, the --insecure flag is also required in the cURL command if you are using self-signed SSL certificates.
API Response
When submitting a successful request (Status Code = 200 OK), you should receive a response that shows the request id:
{
"requestId": "74b67c6a-fca7-4538-8a63-5326d8226d33"
}
We can track the progress of vRSLCM requests via the API. Check out Using the vRealize Suite Lifecycle Manager (vRSLCM) API to track vRSLCM Requests for more information.
Once the state of the vRSLCM request is COMPLETED then the installation of vRA will have finished.
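Because the request body is effectively an answer file, it can be linted before it is sent. The following pre-flight check is an added example, not code from the original post: it flags secret fields that are not vRSLCM locker references in the `locker:{type}:{vmid}:{alias}` format described above (a stricter policy than the API requires, since plain text is accepted) and verifies the node roles. The function names, the sample vmid and the sample IP addresses are assumptions.

```python
import re

# locker:{type}:{vmid}:{alias}, the reference format described above
LOCKER_REF = re.compile(r"^locker:(password|certificate|license):[^:]+:[^:]+$")
SECRET_FIELDS = {"vcPassword": "password", "defaultPassword": "password",
                 "productPassword": "password", "certificate": "certificate",
                 "licenseRef": "license"}

def lint_properties(where, props):
    """Flag secret-bearing fields that are not locker references of the right type."""
    findings = []
    for field, kind in SECRET_FIELDS.items():
        if field in props:
            match = LOCKER_REF.match(str(props[field]))
            if not match or match.group(1) != kind:
                findings.append(f"{where}.{field}: expected a locker:{kind} reference")
    return findings

def lint_environment(body):
    """Return findings for an environments request body; empty means it passed."""
    findings = lint_properties("infrastructure", body["infrastructure"]["properties"])
    for product in body["products"]:
        pid = product["id"]
        findings += lint_properties(pid, product["properties"])
        nodes = product.get("nodes", [])
        types = [node["type"] for node in nodes]
        if types[:1] != ["vrava-primary"] or types.count("vrava-primary") != 1:
            findings.append(f"{pid}: need exactly one vrava-primary, listed first")
        if any(t not in ("vrava-primary", "vrava-secondary") for t in types):
            findings.append(f"{pid}: unexpected node type in {types}")
        for key in ("vmName", "hostName", "ip"):
            values = [node["properties"][key] for node in nodes]
            if len(set(values)) != len(values):
                findings.append(f"{pid}: duplicate {key} across nodes")
    return findings

def make_node(kind, n):
    # Constructed sample values; 192.0.2.0/24 is a documentation range
    return {"type": kind, "properties": {"vmName": f"vra{n}",
            "hostName": f"vra{n}.thecloudxpert.local", "ip": f"192.0.2.{10 + n}"}}

REF = "locker:{}:00000000-0000-0000-0000-000000000001:{}"  # constructed vmid
SAMPLE_BODY = {  # constructed, trimmed to the fields the linter reads
    "infrastructure": {"properties": {
        "vcPassword": "PlainTextExample!",  # flagged: secret inline in the request
        "defaultPassword": REF.format("password", "default"),
        "certificate": REF.format("certificate", "vRealize Automation")}},
    "products": [{"id": "vra",
        "properties": {"certificate": REF.format("certificate", "vRealize Automation"),
                       "productPassword": REF.format("password", "default"),
                       "licenseRef": REF.format("license", "vra")},
        "nodes": [make_node("vrava-primary", 1), make_node("vrava-secondary", 2),
                  make_node("vrava-primary", 3)]}],  # flagged: second primary
}

if __name__ == "__main__":
    for finding in lint_environment(SAMPLE_BODY):
        print(finding)
```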
Wrapping It All Up!
In this post we used the vRSLCM API to create a new vRSLCM environment and deploy vRA 8.6 in a clustered deployment topology (three nodes). In doing this, we also used the vRSLCM API to create a self-signed certificate for the vRA cluster and also downloaded the required vRA install binaries.
If this API snippet has been helpful, make sure you check out the rest of the series!