vmware_deploy_vro

vmware_deploy_vro

Deploys the vRealize Orchestrator Appliance from OVA and allows for the following configuration:

  • Hostname (appliance hostname or VIP)
  • SSL Certificate
  • Authentication Provider (vSphere or vRealize Automation)
  • Log Rotation Settings and Log Integration (LogInsight)
  • NTP Configuration
  • Install Plugins
  • Import Packages
  • Add Plugin Endpoints (SOAP, REST, vRA, vCenter, PowerShell, vAPI)

Supported vRealize Orchestrator Appliances

  • vRealize Orchestrator 7.5
  • vRealize Orchestrator 7.6

Requirements

  • python >= 2.6
  • PyVmomi

Role Variables

The following parameters need to be defined in host_vars:

Network Configuration

Set Network Configuration for the appliance.

network_label: "VM Network"
network_ip_address: "x.x.x.x"
network_mask: "x.x.x.x"
network_gateway: "x.x.x.x"

Credentials and Access

Set the root username and password for this appliance.

vro_root_username: "root"
vro_root_password: "VMwar3!!"

The following credentials are used for BASIC auth to the vco API. Note that this API user must be a member of the vro_auth_adminGroup group.

vro_api_username: [email protected]
vro_api_password: VMwar3!!

Set the Ansible connection variables (use exactly as shown)

ansible_user: "{{ vro_root_username }}"
ansible_password: "{{ vro_root_password }}"
ansible_host: "{{ network_ip_address }}"

The following mandatory parameters need to be defined, as extra vars, or in group_vars or host_vars:

OVA Deployment Variables

Set the OVA deployment variables.

ova_deployment_hostname: "vcenter/esxi hostname"
ova_deployment_username: "vcenter/esxi username"
ova_deployment_password: "vcenter/esxi password"

Set the target datastore. Datastore clusters are not supported by the module.

ova_deployment_datastore: "datastore"

The following are only required when deploying to vCenter Server. If folder is not defined then the appliance will deploy to the default folder.

ova_deployment_datacenter: "vcenter datacenter"
ova_deployment_cluster: "vcenter cluster"
ova_deployment_folder: "vcenter folder"

DNS Configuration

Set the DNS domain that should be used.

dns_domain: "example.com"

Provide a list of available DNS Servers.

dns_servers:
  - "x.x.x.x"
  - "x.x.x.x"

OVA Configuration

Set the OVA file name.

ova_file: "ova_file.ova"

Set the local path to the OVA file (do not use a leading /).

ova_path: "/path/to/ova_file"

Configure Authentication Provider

Set the auth provider to use for vRO authentication.

Auth provider is one of 'CAFE' or 'VSPHERE'.

vro_auth_provider: VSPHERE
vro_auth_hostname: host.example.com
vro_auth_username: [email protected]
vro_auth_password: VMwar3!!
vro_auth_adminGroup: "vro-admins"
vro_auth_adminGroupDomain: "{{ dns_domain }}"
vro_auth_default_tenant: "vsphere.local"

The following optional parameters can be defined, as extra vars, or in group_vars or host_vars:

OVA Download Configuration

Set the URL to the OVA file if 'ova_source' is set to 'http' (do not use a leading /). The 'ova_source' variable defaults to 'local' in the vmware_deploy_ova role and can be overridden.

ova_url: "http[s]://example.com/ova"

Load Balancer VIP

Set VIP hostname if using a load balancer. This will default to using the inventory hostname.

vro_vip_hostname: "vro.example.com"

Import CA Signed Certificates

Set 'vro_use_signed_certificate' to 'yes' if you would like to import CA signed certificates. The default setting is 'no'.

vro_use_signed_certificate: no

If 'vro_use_signed_certificate' is set to 'yes', provide the certificate file in PEM format using the host name, as it has been defined in the hosts file (fqdn), with the extension .pem. The host certificate file should be placed in the 'files/certs' directory. The PEM file must include the host certificate and CA chain.

System Logging

Provide the VMware LogInsight server details to send system logs to.

Valid protocol options are 'syslog' and 'cfapi'. Note that the 'cfapi' protocol would typically use port 9000.

loginsight_server:
  host: "loginsight.example.com"
  port: 514
  protocol: syslog

Set log rotation parameters. The values displayed are the default.

Valid log levels are: '', 'ALL', 'TRACE', 'DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'OFF'

vro_logging_globalLevel: "INFO"
vro_logging_maxFileCount: 10
vro_logging_maxFileSizeMb: 5
vro_logging_scriptingLevel: "INFO"

Install Plugins

Provide a list of plugins that should be installed. The plugin packages should be placed in the 'files/plugins' folder.

vro_plugins:
  - plugin1.dar
  - plugin2.vmoapp

If a plugin is already installed, set the following variable to 'yes' to force the plugin to be installed. The default value for this variable is 'no'.

vro_force_plugin_install: no

Install Packages

Set the following variable to 'yes' to allow vRO packages to be imported. The default value for this variable is 'no'.

vro_install_packages: no

If 'vro_install_packages' is set to 'yes' then provide a list of packages that should be installed. The packages should be placed in the 'files/packages' folder for the 'vmware_deploy_vro' role.

vro_packages:
 - package1.package
 - package2.package

If a package version is already installed, set the following variable to 'yes' to force the package to be installed. The default value for this variable is 'no'.

vro_force_install_packages: no

Configure Plugin Endpoints

Set the following variable to 'yes' to allow plugin endpoints to be added/configured. The default value for this variable is 'no'. This will have a dependency on an authentication provider being configured and the API user a member of the specified adminGroup.

vro_configure_plugin_endpoints: no

If 'vro_configure_plugin_endpoints' is set to 'yes then provide a required plugin endpoint variables.

Add vCenter Server Endpoints. If you also want to add the vAPI endpoint, ensure this service has been started.

vcenter_plugin_endpoints:
  - hostname: "vcenter hostname"
    username: "vcenter username"
    password: "vcenter password"
    domain: "{{ dns_domain }}"
    add_vapi_endpoint: no

Add vRealize Automation Cafe Endpoints.

cafe_plugin_endpoints:
  - name: "Tenant A"
    hostname: "vra.example.com"
    tenant: "vsphere.local"
    username: "vra admin username"
    password: "vra admin password"

Add HTTP Restful API Endpoints. Supported authentication types are: 'Basic' and 'OAuth2'.

Uncomment and set proxy section if rest host is behind a proxy.

rest_plugin_endpoints:
  - name: Rest Host
    url: https://rest.example.com/api
    auth_type: Basic
    ## Username and Password is required when auth type is set to 'Basic'.
    username: "rest username"
    password: "rest password"
    ## OAuth2 Token is required when auth type is set to 'OAuth2'.
    # oauth2_token: "token"
    # proxy_host: proxy.example.com
    # proxy_port: 8080
    ## Proxy username and password can be left commented if proxy doesn't require authentication.
    # proxy_username: "{{ rest_plugin_endpoint_proxy_username }}"
    # proxy_password: "{{ rest_plugin_endpoint_proxy_password }}"
    host_verification: no

Add PowerShell Host Endpoints. Supported authentication types are: 'Basic' and 'Kerberos'.

powershell_plugin_endpoints:
  - name: PowerShell Host
    hostname: pshost.example.com
    port: 443
    auth_type: Basic
    username: "host username"
    password: "host password"

Add SOAP API Endpoints. Supported Authentication types are: 'Basic', 'Digest' and 'Kerberos'.

Uncomment and set proxy section if SOAP host is behind a proxy.

soap_plugin_endpoints:
  - name: Soap Host
    wsdl_uri: soapuri.example.com
    auth_type: Basic
    ## Username and Password is required when auth type is set to 'Basic' or 'Digest'.
    username: "soap username"
    password: "soap password"
    ## Kerberos SPN is required when auth type is set to 'Kerberos'.
    # kerberos_spn: [email protected]
    # proxy_host: proxy.example.com
    # proxy_port: 8080

Set the following variable to 'yes' if you would like to ignore any errors when adding plugin endpoints. This can be useful if re-running the playbook fails due to duplicate endpoints. The default value for this variable is 'no'.

vro_ignore_plugin_endpoint_errors: no

Additional default variables

The following additional default variables have also been set and can be overridden by setting them in a group_var.

Default list of NTP Servers that will be used.

ntp_servers:
  - "0.pool.ntp.org"
  - "1.pool.ntp.org"
  - "2.pool.ntp.org"
  - "3.pool.ntp.org"

HTTP REST API Variables

http_content_type: "application/json"
http_accept: "application/json"
http_validate_certs: no
http_body_format: "json"

Set the ports used by the vco and vco-controlcenter APIs.

vro_api_port: 8281
vro_cc_api_port: 8283

Enable SSH access to the appliance.

vro_enable_ssh: "True"

Enable Customer Experience Improvement Program.

vro_enable_telemetry: "False"

Dependencies

- { role: vmware_deploy_ova, tags: [ 'deploy' ] }

Example Playbook

```
- hosts: vro_appliances
  become: no
  gather_facts: False
  roles:
    - nmshadey.vmware_deploy_vro
```

License

MIT

Author Information

Gavin Stephens (https://www.simplygeek.co.uk)

About

Deploy and configure the VMware vRealize Orchestrator Appliance

Install
ansible-galaxy install nmshadey/ansible-role-vmware_deploy_vro
GitHub repository
License
mit
Downloads
23
Owner