www.open902.com

My own Knowledge Base made public ..

vRealize Automation 7.2 – Unattended Enterprise Install

With 7.1 VMware introduced a silent installer.

Which is great – I am not sure who would need to streamline installs in the field – given that every environment is different, but for a lab, this is brilliant.

Ok, actually it might be still easier to just amend one file, rather than sitting there clicking buttons for hours 🙂

Anyway, there are two parts which are part of the unattended install

  • Wizard part of the installation
  • Windows IaaS Agent install

What it doesn’t do out of the box is automating the the OVA deployment and the deployment of the IaaS templates required. William Lam once released a powershell script to automate the OVA deployment.

This is out of scope of this article.

So in order to get started there are a few little pre-requisites

  • Your vRA appliances have been deployed via OVA
    • Note: Do not log into the VAMI interface to start the installation wizard !
  • According to your design the relevant IaaS Servers have been deployed with the IaaS Windows Agent.

As mentioned, one part of the unattended installation is also the unattended installation of the IaaS Windows Agent.

There are multiple ways of using this feature.

Either …

  • Download and run the unattended Powershell script on the already deployed virtual machines
  • Use the vCenter customization and run said script post deployment automatically
  • Use Group Policies to install the agent
  • Use vRealize Orchestrator to install the agent
  • SCCM
  • And others I haven’t thought about

I am not going through all those options. If you ask how many ways of doing that are there – the answer is probably a counter-question : How long is a string 🙂

The bottom line here is, VMware provides a Powershell script to silently install the agent so I will show here how to use it.

Then of course there is the installation wizard which starts when you first log into the VAMI interface.

Rather than going through the wizard we will modify an answer file. This answer file will be kicked off from a vRA appliance.

This can be done by either using SSH – assuming you had it enabled during the installation …

… or via console.

So what kind of environment am I trying to deploy unattended.

Here you can see I have prepared a Medium Enterprise environment (no external vRO)

Before going through the silent install of the wizard part of the installation, we first need to ensure we install the Windows Agent ..

You can find the Powershell script by browsing to a vRA Appliance, for example

https://vra7-ua-vra01.www.open902.com:5480/installer

Download the Powershell script and open it in an editor

As you can see there are a few things we need to configure.

Enter the vRA address, credentials and service account. The service account will need the required permissions in order to connect to the SQL database if you use windows authentication and also has to have local admin rights on the IaaS server.

If you want additional security, you can add the SSL thumbprint of the vRA Appliance to ensure it is connecting to the correct appliance, and fail the install if it isn’t.

This is not mandatory though. So I leave it out. You can find the thumbprint on the certificate:

So here I run it manually as a demo – but as mentioned – you can easily automate it using several different methods.

The install takes mere seconds.

Note – if you have a stricter ExecutionPolicy configured in Powershell (which is the default) – the script will automatically prompt you to change it.

Confirm the installation was successful by checking the service. Ensure the service is installed, running and is running under the service account configured

Once all your IaaS servers have the agent installed, you can start ‘thinking’ about the vRA Wizard – or rather the silent way of using it.

As mentioned earlier, don’t log into the VAMI to start the wizard, but log into the first appliance using SSH or console.

To get started either open the file via SSH or console, or like me, pull it down in order to modify it.

/usr/lib/vcac/tools/install/ha.properties

I prefer to modify files on my Mac, so I SCP’d it down

Now let’s have a look

You will see some certificate configurations there. Here I am not using a signed certificate.

Let’s go from top to bottom

  • Accept EULA
  • Certificate Details (org name / unit and country code)
  • License Key
  • NTP Servers
  • Confirm IaaS install

  • Specify whether you want a single user for all IaaS roles
  • Enter IaaS User (Service Account)
  • Enter IaaS Password
  • Enter the SSO Admin
  • Enter the secondary appliances – here I only got one additional one
  • Enter the credential(s) of the secondary appliance(s)
  • Enter the IaaS Web Hostnames – here I got two
  • Enter the IaaS User (Service Account)
  • Enter the IaaS Password
  • Enter the IaaS Manager Service Hostnames – here I got two
  • Enter the IaaS User (Service Account)
  • Enter the IaaS Password

Continuing further down …

  • DEM Host Names – here I got two
  • Enter the IaaS User (Service Account)
  • Enter the IaaS Password
  • vRA Web Load Balancer VIP Hostname
  • IaaS Web Load Balancer VIP Hostname
  • IaaS Manager Service Load Balancer VIP Hostname
  • SQL Hostname
  • SQL Instance
    • If using the default instance, leave empty
  • SQL Database Name
  • Here I am using Windows Authentication
    • This is why the IaaS Management Agent has to have the right permissions in SQL
  • An IaaS Passphrase
  • IIS Website to be used
  • IIS HTTPS Port

Here I only configure a single vSphere Agent

  • Proxy Agent Hostnames – here I got two
  • Enter the IaaS User (Service Account)
  • Enter the IaaS Password
  • Agent Name (can be anything)
  • Endpoint Name (can be anything but must match value to be configured in vRA)

Further down only two more changes

  • I want Pre-Req fixes to be applied automatically
  • I do not want the initial configuration to be created
    • Local Admin, Workflows to configure vRA etc.

Now we reached the end of the answer file. You can see from the screenshot above and below, the only thing left is entering the certificate details.

I will leave it blank in order to use Self-Signed certificates.

As mentioned earlier, I pulled the file down to modify – time to upload it again to the vRA appliance

The whole point of this is of course also to make sure you can re-use the file in case you want to re-install the environment using the exact same values.

You modify the file – upload – run and go for a drink for a couple of hours, rather than sitting there clicking around in the wizard.

Anyway, at this stage I am taking snapshots of the lot … just in case 🙂

Now either SSH to the vRA appliance or open a console and navigate to

/usr/lib/vcac/tools/install

You should see the file you just modified ha.properties and the install script vra-ha-config.sh

Now it is just a matter of executing vra-ha-config.sh – and with good luck (still feel like I need luck with that product lol) – it should just run through.

Using the wizard itself takes over an hour – so I wouldn’t expect this to go much quicker – especially not since I know my IaaS servers will not meet the pre-requisites and require ‘fixing’

Now either just watch things to unfold or get a coffee

Did I mention luck ? Well in my case things still went wrong ..

As you can see I have a few problems here – mainly regarding the vRA Proxy Agent configuration and strangely vra7-ua-mgmt01 is apparently not ‘registered’.

This would relate to the IaaS Management Agent we just installed.

First, as mentioned above – I configured two Proxy Agent Servers / Hostnames .. but only ever configured one Agent.

As I want to have the agents for failover – both agents will have the exact same name

So what about that error regarding vra7-ua-mgmt01? Good question. I restarted the service and the script yet again failed with the host not being registered.

As it is Windows – I rebooted the box and there we go, it is busy installing pre-reqs

Getting to this point, with pre-requisites and validation to complete, took around 40 minutes to complete.

It should also show the correct number of nodes and the load balancer VIP / FQDN

Always good when SSO is configured successfully.

At this stage the script has been running for an hour.

After another half an hour (90 minutes total), the vRA cluster is finally created

And seconds later vRA is installed. Next, IaaS

At this stage we are 2hrs in.

After a further 20 minutes vRA install has been completed .. unattended 🙂

Once you created a local admin and login, you should be able to confirm that all required DEMs are online

You can also make sure the vRA cluster is REALLY complete 🙂

So I am not going through the actual configuration here – you can find all the articles in how to do that here already. Check the menus for all the relevant articles in how to configure vRA.

There is ONE thing not covered really. I shall quickly cover this here.

This is regarding the Active Directory integration. When you integrate a cluster vRA environment with AD, you have a choice of 2 Connectors

Simply select the first one.

Then once integrated and groups are synced, navigate to Identity Providers.

Click your Workspace

Now select the second connector

Re-enter your domain admin password you used to join the first vRA appliance to the domain

Click Add Connector

Next, on the same page, change the ldP Hostname to the VIP FQDN of your load balancer.

Click Save

You should now have both connectors configured in you AD Directory

Well done .. You now deployed vRA (almost) unattended …