To activate service provisioning, you connect the VMware Aria Automation Assembler service with the on-premise VMware Cloud Foundation instance.

Deploy a Cloud Proxy Appliance for the VMware Aria Automation Assembler Service for Cloud-Based Automation for VMware Cloud Foundation

To provide connectivity to the VMware Aria Automation Assembler service, you deploy a Cloud Proxy appliance in the VMware Cloud Foundation instance.

UI Procedure

  1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the Assembler Administrator and the Service Broker Administrator roles.
  2. On the Services page, locate the VMware Aria Automation tile, and click Launch service.
  3. On the Welcome to VMware Aria Automation page, click the Assembler tile.

  4. If the Guided setup diagram page appears, click Continue.

    This page appears when there are no cloned zones.

  5. Select the Infrastructure tab and, in the left pane, select Connections > Cloud proxies.

  6. Deploy a Cloud Proxy appliance.

    1. On the Cloud proxies page, click New.

    2. On the Install cloud proxy page, click Copy link.

    3. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.

    4. In the VMs and templates inventory, navigate to the default management data center and expand the data center.

    5. Right-click the Cloud proxy folder, and select Deploy OVF template.

    6. On the Select an OVF template page, select URL, paste the link you copied, and click Next.

    7. On the Source verification dialog box, click Yes.

    8. On the Select a name and folder page, in the Virtual machine name text box, enter a virtual machine name, and click Next.

    9. On the Select a compute resource page, select the compute resource, and click Next.

    10. On the Review details page, review the settings, and click Next.

    11. On the License agreements page, accept the license agreement, and click Next.

    12. On the Select storage page, select the vSAN datastore, and click Next.

    13. On the Select networks page, from the Destination network drop-down menu, select the management VLAN port group, and click Next.

    14. On the Customize template page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.

    15. On the Ready to complete page, click Finish, and wait for the completion of the process.

  7. Power on the Cloud Proxy appliance.

    1. In the VMs and templates inventory, navigate to the default management domain data center.

    2. Expand the Cloud proxy folder.

    3. Right-click the Cloud Proxy virtual machine and, from the Actions menu, select Power > Power on.

Terraform Procedure

  1. Navigate to the Terraform example that you cloned from the repository.

    cd /validated-solutions-for-cloud-foundation/cba/terraform-solution-implementation/08-assembler-deploy-cloud-proxy

  2. Duplicate the terraform.tfvars.example file to terraform.tfvars in the directory.

    copy terraform.tfvars.example terraform.tfvars

  3. Open the terraform.tfvars file, update the variables according to your values in the VMware Cloud Foundation Planning and Preparation Workbook, and save the file.

  4. Initialize the current directory and the required Terraform providers.

    terraform init

  5. Create a Terraform plan and save the output to a file.

    terraform plan -out=tfplan

  6. Apply the Terraform plan.

    terraform apply tfplan

Deploy the Cloud Extensibility Proxy and Configure Integration for the VMware Aria Automation Assembler Service for Cloud-Based Automation

To provide connectivity between VMware Aria Automation Orchestrator and the VMware Aria Automation Assembler service, you deploy a Cloud Extensibility Proxy appliance in the VMware Cloud Foundation instance.

UI Procedure

  1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the Assembler Administrator and the Service Broker Administrator roles.
  2. On the Services page, locate the VMware Aria Automation tile, and click Launch service.
  3. On the Welcome to VMware Aria Automation page, click the Assembler tile.

  4. If the Guided setup diagram page appears, click Continue.

    This page appears when there are no cloned zones.

  5. Select the Infrastructure tab and, in the left pane, select Connections > Integrations.

  6. Add an VMware Aria Automation Orchestrator integration.

    1. On the Integrations page, click Add integration, and select the Orchestrator tile.

    2. On the New integration page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook.

  7. Deploy a Cloud Extensibility Proxy appliance.

    1. Click New Cloud Extensibility Proxy.

    2. On the Install Cloud Extensibility Proxy page, click Copy link.

    3. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.

    4. In the VMs and templates inventory, navigate to the default management data center, and expand the data center.

    5. Right-click the Cloud proxy folder, and select Deploy OVF template.

    6. On the Select an OVF template page, select URL, paste the link you copied, and click Next.

    7. On the Source verification page, click Yes.

    8. On the Select a name and folder page, in the Virtual machine name text box, enter a virtual machine name, and click Next.

    9. On the Select a compute resource page, select the compute resource, and click Next.

    10. On the Review details page, review the settings, and click Next.

    11. On the License agreements page, accept the license agreement, and click Next.

    12. On the Configuration page, select Extend Aria Automation (SaaS), and click Next.

    13. On the Select storage page, select the vSAN datastore, and click Next.

    14. On the Select networks page, from the Destination network drop-down menu, select the management VLAN port group, and click Next.

    15. On the Customize template page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.

    16. On the Ready to complete page, click Finish, and wait for the completion of the process.

  8. Power on the Cloud Extensibility Proxy appliance.

    1. In the VMs and templates inventory, navigate to the default management domain data center.

    2. Expand the Cloud proxy folder.

    3. Right-click the Cloud Extensibility Proxy virtual machine, from the Actions menu, select Power > Power on, and wait for the completion of the process.

  9. Complete the VMware Aria Automation Orchestrator integration.

    1. Close the Install Cloud Extensibility Proxy wizard.

    2. On the New integration page, from the Cloud extensibility proxy drop-down menu, select the newly deployed Cloud Extensibility Proxy.

    3. Click Validate.

    4. In the Untrusted certificate found dialog box, click Accept.

    5. Click Add.

Terraform Procedure

  1. Navigate to the Terraform example that you cloned from the repository.

    cd /validated-solutions-for-cloud-foundation/cba/terraform-solution-implementation/09-assembler-deploy-cloud-extensibility-proxy

  2. Duplicate the terraform.tfvars.example file to terraform.tfvars in the directory.

    copy terraform.tfvars.example terraform.tfvars

  3. Open the terraform.tfvars file, update the variables according to your values in the VMware Cloud Foundation Planning and Preparation Workbook, and save the file.

  4. Initialize the current directory and the required Terraform providers.

    terraform init

  5. Create a Terraform plan and save the output to a file.

    terraform plan -out=tfplan

  6. Apply the Terraform plan.

    terraform apply tfplan

Import the Trusted Certificates to VMware Aria Automation Orchestrator for Cloud-Based Automation for VMware Cloud Foundation

To create a trust chain for connection to the VMware Cloud Foundation components, you import the trusted certificate of your certificate authority to VMware Aria Automation Orchestrator.

UI Procedure

  1. Log in to the VMware Aria Automation Orchestrator Control Center at https://<cloud_extensibility_proxy_fqdn>/vco-controlcenter/config as root.

  2. Click Certificates.

  3. Click the Trusted certificates tab and, from the Import drop-down menu, select Import from PEM-encoded file.

  4. Click Choose file, navigate to the certificate authority Root64.cer file, and click Import.

  5. On the Import this certificate page, verify the certificate information, and click Import.

  6. (Optional)

    If there are additional certificate chains that must be trusted by VMware Aria Automation Orchestrator, repeat the procedure for each additional certificate.

Terraform Procedure

  1. Navigate to the Terraform example that you cloned from the repository.

    cd /validated-solutions-for-cloud-foundation/cba/terraform-solution-implementation/10-orchestrator-import-trusted-certificate

  2. Duplicate the terraform.tfvars.example file to terraform.tfvars in the directory.

    copy terraform.tfvars.example terraform.tfvars

  3. Open the terraform.tfvars file, update the variables according to your values in the VMware Cloud Foundation Planning and Preparation Workbook, and save the file.

  4. Initialize the current directory and the required Terraform providers.

    terraform init

  5. Create a Terraform plan and save the output to a file.

    terraform plan -out=tfplan

  6. Apply the Terraform plan.

    terraform apply tfplan

Replace the Certificate of the VMware Aria Automation Orchestrator Instance for Cloud-Based Automation for VMware Cloud Foundation

By using the .8.chain.pem file, generated with the CertGenVVS utility, you update the self-signed certificate of the VMware Aria Automation Orchestrator instance within the Cloud Extensibility Proxy.

Prerequisites

Verify that the .8.chain.pem file, generated with the CertGenVVS utility, is available. See Certificate Generation Utility for VMware Validated Solutions

Procedure

  1. Copy the certificate PEM file from your local machine to the /tmp folder of the Cloud Extensibility Proxy, using an SCP utility such as WinSCP.

  2. Log in to the Cloud Extensibility Proxy appliance console by using SSH and the root user.

  3. Change into the /tmp folder by running the command.

    cd /tmp

  4. Obtain the sh256 thumbprint from the certificate file by running the command.

    vracli certificate ingress --set <.8.chain.pem>
    Note:

    The command returns the sha256 sum and says that it cannot be validated as it is self-signed. Ignore this warning.

  5. By using the sha356 sum, displayed after completing the previous step, import the certificate by running the command.

    vracli certificate ingress --set <.8.chain.pem> --sha256 <sha256_thumbprint>

  6. Install and restart the services by using the deploy.sh script.

    /opt/scripts/deploy.sh
  7. (Optional)

    If, after completing the procedure, the signed certificate is not in use, run the following command in the Cloud Extensibility Proxy appliance console.

    kubectl -n ingress delete pod -l app=traefik

Add the VI Workload Domain vCenter Server to VMware Aria Automation Orchestrator for Cloud-Based Automation for VMware Cloud Foundation

To activate orchestration, management, and provisioning of workloads, you configure the connection to the VI workload domain vCenter Server instance by running the necessary workflows in VMware Aria Automation Orchestrator.

UI Procedure

  1. Log in to the VMware Aria Automation Orchestrator Control Center at https://<cloud_extensibility_proxy_fqdn>/orchestration-ui by using an account assigned the Assembler Administrator or Assembler User service role.

  2. In the left pane, select Library > Workflows.

  3. On the Workflows page, in the Filter text box, enter Add a vCenter Server instance, and press Enter.

  4. In the Add a vCenter Server instance workflow card, click Run.

  5. On the Set the vCenter Server instance properties tab, enter the FQDN of the VI workload domain vCenter Server, and configure the following settings.

    Setting

    Value

    HTTPS port of the vCenter Server instance

    443

    Location of SDK that you use to connect

    /sdk

    Do you want to ignore certificate warnings

    Deselected

  6. Click the Set the connection properties tab, deselect the Do you want to use a session per user method to manage user access to the vCenter Server system? check-box, and enter the integration service account credentials according to your values in the VMware Cloud Foundation Planning and Preparation Workbook.

  7. Click Run.

  8. In the Waiting for input: "Add a vCenter Server instance" panel that appears at the top, click Answer.

  9. In the Input request: Add a vCenter Server instance dialog box, click Answer.

  10. Repeat the procedure for each VI workload domain vCenter Server in each VMware Cloud Foundation instance.

Terraform Procedure

  1. Navigate to the Terraform example that you cloned from the repository.

    cd /validated-solutions-for-cloud-foundation/cba/terraform-solution-implementation/12-orchestrator-add-vcenter-server

  2. Duplicate the terraform.tfvars.example file to terraform.tfvars in the directory.

    copy terraform.tfvars.example terraform.tfvars

  3. Open the terraform.tfvars file, update the variables according to your values in the VMware Cloud Foundation Planning and Preparation Workbook, and save the file.

  4. Initialize the current directory and the required Terraform providers.

    terraform init

  5. Create a Terraform plan and save the output to a file.

    terraform plan -out=tfplan

  6. Apply the Terraform plan.

    terraform apply tfplan

Add the Cloud Proxy Appliances to the First Availability Zone VM Group for Cloud-Based Automation for VMware Cloud Foundation

If your management domain is configured with two availability zones, to activate failover to the second availability zone, move the Cloud Proxy and the Cloud Extensibility appliances to the VM group for the first availability zone. The virtual machine write operations are performed synchronously across both availability zones and each availability zone has a copy of the data.

UI Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui as administrator@vsphere.local.
  2. In the Hosts and clusters inventory, expand the management domain vCenter Server tree and expand the management domain data center.

  3. Select the default management vSphere cluster, and click the Configure tab.

  4. In the left pane, select Configuration > VM/Host groups.

  5. Select the VM group for the first availability zone according to your value in the VMware Cloud Foundation Planning and Preparation Workbook, and click Add.

  6. In the Add group member dialog box, select the Cloud Proxy and the Cloud Extensibility Proxy appliances and click OK.

Terraform Procedure

  1. Navigate to the Terraform example that you cloned from the repository.

    cd /validated-solutions-for-cloud-foundation/cba/terraform-solution-implementation/13-vsphere-drs-az-vm-group

  2. Duplicate the terraform.tfvars.example file to terraform.tfvars in the directory.

    copy terraform.tfvars.example terraform.tfvars

  3. Open the terraform.tfvars file, update the variables according to your values in the VMware Cloud Foundation Planning and Preparation Workbook, and save the file.

  4. Initialize the current directory and the required Terraform providers.

    terraform init

  5. Create a Terraform plan and save the output to a file.

    terraform plan -out=tfplan

  6. Apply the Terraform plan.

    terraform apply tfplan

Add Cloud Accounts for VI Workload Domains to VMware Aria Automation Assembler for Cloud-Based Automation for VMware Cloud Foundation

You create vCenter Server and NSX-T Manager cloud accounts for each VI workload domain in the VMware Cloud Foundation instances. You apply the integration accounts credentials to the cloud accounts, and link the cloud accounts to cloud zones.

Note:

For an environment with NSX Federation, you configure NSX-T Manager cloud accounts for the VI workload domain NSX Local Manager clusters.

UI Procedure

  1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the Assembler Administrator and the Service Broker Administrator roles.
  2. On the Services page, locate the VMware Aria Automation tile, and click Launch service.
  3. On the Welcome to VMware Aria Automation page, click the Assembler tile.

  4. Select the Infrastructure tab, and in the left pane, select Connections > Cloud Accounts.

  5. Add a cloud account for the VI workload domain vCenter Server.

    1. On the Cloud accounts page, click Add cloud account.

    2. On the Cloud account types page, click the vCenter Server card.

    3. On the New cloud account page, configure the values for the vCenter Server cloud account from your VMware Cloud Foundation Planning and Preparation Workbook, and click Validate.

    4. In the Untrusted certificate found dialog box, click Accept.

    5. After successful validation, in the Configuration, select the VI workload domain data center, and select Create a cloud zone for the selected datacenter.

    6. In the Capabilities tags section, add the capability tag according to your VMware Cloud Foundation Planning and Preparation Workbook.

    7. Click Add.

  6. Add a cloud account for a VI workload domain NSX Manager cluster.

    1. On the Cloud accounts page, click Add cloud account.

    2. On the Cloud account types page, click the NSX-T Manager card.

    3. On the New cloud account page, configure the values for the NSX Manager cloud account from your VMware Cloud Foundation Planning and Preparation Workbook, configure the following settings, and click Validate.

      Setting

      Value

      Manager type

      Local

      NSX mode

      Policy

    4. In the Untrusted certificate found dialog box, click Accept.

    5. In the Associations section, click Add.

    6. In the Add associations dialog box, select the vCenter Server cloud account for the VI workload domain that you created in step 5, and click Add.

    7. In the Capabilities tags section, add the capability tag according to your value in the VMware Cloud Foundation Planning and Preparation Workbook.

    8. Click Add.

  7. Repeat steps 5 and 6 for each VI workload domain in each VMware Cloud Foundation instance.

Terraform Procedure

  1. Navigate to the Terraform example that you cloned from the repository.

    cd /validated-solutions-for-cloud-foundation/cba/terraform-solution-implementation/14-assembler-create-cloud-accounts

  2. Duplicate the terraform.tfvars.example file to terraform.tfvars in the directory.

    copy terraform.tfvars.example terraform.tfvars

  3. Open the terraform.tfvars file, update the variables according to your values in the VMware Cloud Foundation Planning and Preparation Workbook, and save the file.

  4. Initialize the current directory and the required Terraform providers.

    terraform init

  5. Create a Terraform plan and save the output to a file.

    terraform plan -out=tfplan

  6. Apply the Terraform plan.

    terraform apply tfplan

Configure the Cloud Zones in VMware Aria Automation Assembler for Cloud-Based Automation for VMware Cloud Foundation

Cloud zones are specific to VMware Aria Automation Assembler projects. A cloud zone corresponds to a set of resources within a cloud account. You reconfigure the initial cloud zone created during the configuration of the vCenter Server and NSX-T Manager cloud accounts.

You assign the appropriate resources to the cloud zone by configuring resource pools, placement policy, and capability tags.

UI Procedure

  1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the Assembler Administrator and the Service Broker Administrator roles.
  2. On the Services page, locate the VMware Aria Automation tile, and click Launch service.
  3. On the Welcome to VMware Aria Automation page, click the Assembler tile.

  4. Select the Infrastructure tab and, in the left pane, select Configure > Cloud zones.

  5. On the Cloud zones page, in the cloud zone card for the VI workload domain, click Open.

  6. On the Summary tab, configure the virtual machine and template folder name for VMware Aria Automation Assembler-managed workloads and the capability tag according to your values in the VMware Cloud Foundation Planning and Preparation Workbook.

  7. Click the Compute tab and, from the drop-down menu, select Dynamically include compute by tags.

  8. On the Compute tab, in the table, select the resource pool for VMware Aria Automation Assembler-managed workloads in the vSphere cluster for the VI workload domain according to your value in the VMware Cloud Foundation Planning and Preparation Workbook, and click Tags.

  9. In the Tags dialog box, in the Add tags text box, enter enabled:true, press Enter, and click Save.

  10. If there are resource pools for statically or dynamically deployed virtual machines for organization workloads in other vSphere clusters, repeat steps 8 and 9 for each of these user-defined resource pools.

  11. On the Compute tab, in the Filter tags text box, enter enabled:true, press Enter, and click Save.

  12. Repeat the procedure for each cloud zone to activate the vSphere clusters across the VI workload domains in each VMware Cloud Foundation instance.

Terraform Procedure

  1. Navigate to the Terraform example that you cloned from the repository.

    cd /validated-solutions-for-cloud-foundation/cba/terraform-solution-implementation/15-assembler-cloud-zone-config

  2. Duplicate the terraform.tfvars.example file to terraform.tfvars in the directory.

    copy terraform.tfvars.example terraform.tfvars

  3. Open the terraform.tfvars file, update the variables according to your values in the VMware Cloud Foundation Planning and Preparation Workbook, and save the file.

  4. Initialize the current directory and the required Terraform providers.

    terraform init

  5. Create a Terraform plan and save the output to a file.

    terraform plan -out=tfplan

  6. Import the current state of the Cloud Zone to the terraform state file by obtaining the UUID from VMware Aria Automation Assembler console.

    1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/.

    2. On the Services page, locate the VMware Aria Automation tile, and click Launch service.

    1. On the Services page, locate the VMware Aria Automation tile, and click Launch service.

    2. On the Welcome to VMware Aria Automation page, click the Assembler tile, and click the Infrastructure tab.

    1. In the left pane, select Configuration > Cloud Zones.

    2. Click Open for the Cloud Zone, and copy the UUID from the browser URL.

    3. Import the Cloud Zone by running the command.

      terraform import vra_zone.cloud_zone_update <cloud_zone_id>

  7. Import the current state of the Resource Pool to the terraform state file by obtaining the UUID from the VMware Aria Automation Assembler console.

    1. On the Assembler page, in the left pane, select Resources > Compute.

    2. Select the resource pool and copy the UUID from the browser URL.

    3. Import the vSphere Resource Pool by running the command.

      terraform import vra_fabric_compute.resource_pool <resource_pool_id>

  8. Recreate a Terraform plan and save the output to a file.

    terraform plan -out=tfplan

  9. Apply the Terraform plan.

    terraform apply tfplan