Wednesday, March 23, 2016

Retooling the Infoblox vRA Plugin to Support Event Broker

In this blog post I will provide information on using the Infoblox "VMware Cloud Adapter" version 3.2 with the new Event Broker feature of vRA 7.

This does not require any modification of the Infoblox workflows and the adapter will continue to work as written by Infoblox.

This content is intended for readers comfortable with vRealize Automation and vRealize Orchestrator.  As always, I do not assume any risk nor do I provide support for using the modifications outlined below in your environment.


I will create a workflow wrapper for one of the IPAM workflows to allow them to be executed from an Event Broker subscription.

You can download an example of the workflow from VMware's Sample Exchange.


I just finished a proof-of-concept with a customer where the Infoblox IPAM plugin for vRA/vRO was used to integrate DDI with vRA.  It's a great solution for customers who own or are considering Infoblox IPAM, with one drawback - it currently supports only using Workflow Stubs in vRA version 7.

While that's not a huge problem, it lacks the flexibility and usefulness of the Event Broker's Event Subscription capability.  If you're not familiar with the Event Broker, you can learn more in this webinar I conducted on vRA 7 extensibility.  Briefly though, the Event Broker replaces the Workflow Stubs beginning in vRA version 7.  Workflow Stubs are still supported for integrations that have already been built around them, but customers and partners are encouraged to transition to the Event Broker.


I am using:

  • vRealize Automation 7.0.1
    • simple install
    • embedded vRealize Orchestrator instance
  • Infoblox DDI Evaluation
    • NIOS for vSphere 7.2.6
  • Infoblox VMware Cloud Adapter version 3.2
  • "Reserve an IP in a network" will be the methodology used
You can follow the instructions from Infoblox for installation of the VMware Cloud Adapter (which I will refer to as "the plugin" or "IPAM plugin" in this post).  The installation will set up the plugin to use Workflow Stubs, and that's fine.  If you wish you can skip the steps to create the Workflow Stubs but you will still want to create the property group (we will make some small edits later).

The Event Broker Wrapper Workflow

If you watched the video I linked above, you will be familiar with a "wrapper" workflow that I provide for usage with Event Broker subscriptions.  This wrapper will extract the properties provided by the Event Broker input, allowing you to capture any information you need as inputs for the IPAM workflows.

For example, the IPAM workflow "Reserve an IP in network for VM" has the following inputs:

While the Event Broker provides a single input:

That single input contains most of what we need for the IPAM workflow.  There are a couple of exceptions, and I'll cover how to find those.  For now, let's start with the easy ones.

The Event Broker wrapper workflow simply prints the key:value pairs found in the eventPayloadProperties input, but it's easy enough to assign them to an attribute for further processing.  For starters, I make a duplicate copy of the Event Broker wrapper workflow and add the IPAM workflow "Get IP in network for VM" into the schema as follows:

Next, I'll promote all of the inputs for the IPAM workflow as attributes:

Next, since I will use the script element "Get payload and execution context" from the EB wrapper, I need to map the output of the script element to those global attributes so that I can update them.

Now, I will make changes to the script in the "Get payload..." element so that I can set the attributes as needed.  Luckily, Infoblox uses the same parameter names as the EB wrapper script!  So, once I have made the attribute bindings the following are already retrieved by the script:

  • vcacVm
  • vCACVmProperties
However, you will need to make some changes.  For starters, the "vCACHost" object is retrieved by the script, but using the var "host" but all I did to fix this was search for instances of "host" in the script and replace them with "vCACHost" as below (the red boxes indicate the two occurrences).

Next, for the "virtualMachineEntity" I added a single line of code:

I inserted that just below the block in the last image:


For what's worth, the IPAM workflow I am using has as input the vSphere virtual machine object, but it doesn't actually use that for anything - which is great because at the state this is called from vRA the VM doesn't yet exist in vSphere!  But, I'm including the code anyway since it will be helpful for other IPAM workflows.

Now to get the "vCenterVm" I need to look that up by the virtual machine ID provided in the machine properties from the Event Broker, using the vSphere plugin.  The following code block will handle that just fine:

I inserted that into the script just below the last line I added:

That leaves "externalWFStub" and honestly,  you could just leave this alone and not assign a value.  It is only used in the IPAM workflow for logging information, as shown below in this example workflow log:

I promised no modification of the Infoblox workflows, so I'll stick to that. Ideally, I could change the IPAM workflow to display "Workflow started from Event Broker" and provide the event information.  But, just to provide some logging info, I will get the Event Broker payload properties and use that for the "externalWFStub" value so at least that information is logged on run.

So, I added the lines below to my wrapper script:

Inserted below the last code block I added above.

With those changes, I now have a wrapper for the IPAM workflow that can be used with Event Broker subscriptions.  The other IPAM workflows can be used within the same wrapper, although you should verify that the inputs are handled by the wrapper script as I did for this IPAM workflow.

Preparing vRA 7

If you followed the installation instructions for the Infoblox VMware Cloud Adapter, then you should have one or more Property Groups in vRA.  These property groups are used to pass the property values that the IPAM workflows need.  However, these groups also activate the WFStubs and since I am using Event Broker, I don't want those WFStubs to execute.

I made a copy of the property group "Infoblox Reserve IP in Network" as below:

I renamed the new Property Group "EB InfoBlox Reserve IP in Network" and removed any properties that reference WFStubs and saved the Property Group.

Now I can associate this Property Group with a blueprint (and disassociate the Infoblox created Property Groups if needed).

Creating an Event Broker subscription is beyond the scope of this post, but you can find more information about that in the video recording I linked above.  A few things to note on the subscription:

  • I used the Lifecycle State Name "VMPSMasterWorkflow32.BuildingMachine" and Lifecycle State Phase "PRE" as this equates to the WFStub,BuildingMachine.
  • I made the Event Broker subscription a blocking subscription with a suitable timeout.  Obviously you need IP info or you don't want to continue with a build.
There's a lot of duplicate logging of properties between the workflow wrapper and the IPAM workflow spitting out the machine properties.  If I were running in production, I'd probably trim a lot of that logging information out or set it for debug only.

Finally, keep in mind that this is only for the IP provisioning IPAM workflow.  You will need to wrap the IP deprovisioning IPAM workflow as well and create an Event Broker subscription for that.

**UPDATE** Some readers have reported that the workflow package I linked will not import into vRO.  So, here is a link to the scriptable task within the wrapper workflow:

Wednesday, December 2, 2015

Captain's Log, Supplemental - HOL-SDC-1602, Migrating to VDS Using Host Profiles

As a Lab Captain for VMware's Hands-on-Labs (HOL) this year, I enjoyed creating content for the lab "vSphere with Operations Management 6- Advanced Topics" (HOL-SDC-1602).  However, I had to cut some of the content due to the length of the lab.

One of the topics I had to cut was "Migrating to the vSphere Distributed Switch" where you learn how to migrate using the Host Profiles method.  In the official lab guide, you will use the vSphere Web Client to perform the migration from a vSphere Standard Switch (VSS) to a vSphere Distributed Switch (VDS).  However, another method exists using Host Profiles and works much better at scale and ensures that any new hosts will be set up for networking appropriately.

You can find the supplemental guide here.  HOL are available here and registration is free and easy.

Friday, November 20, 2015

Get A List of vR Ops Available Metrics

When building dashboards, reports or even symptoms and alerts in vRealize Operations Manager 6, it may be helpful to have a handy reference of metrics available in a given instance of vR Ops.  This is dependent on the solutions installed, of course, so this will vary from instance to instance.

Also, with the vRealize Operations Manager 6.1 Endpoint Operations capability, it may be useful to have a list of all metrics available after installing a new solution or plugin (such as SQL or IIS).

I have created a vRealize Orchestrator workflow and action to provide an HTML output of available metrics for a given solution.  In vR Ops API terms, solutions are "adapter kinds" so the workflow input and output uses this nomenclature.  But, they both mean the same thing.

You can download the solution from FlowGrab here.  Sample output below.

Thursday, November 5, 2015

Cannot Start a VM - A general system error occurred: Connection refused

The error referenced in the title was one I ran into today while trying to start some VMs.  I finally found a KB somewhat related to this issue and the workaround did the trick for me.

Basically, the vCenter Workflow Manager service had stopped on my vCenter server.  In my case, I'm running the 6.0.0 vApp so I had to open an SSH session and enter the following:

shell.set --enabled true
service-control --status vmware-vpx-workflow
   (this command confirmed the service was stopped)
service-control --start vmware-vpx-workflow

Once running, I was able to start VMs again from vCenter.

Not sure why this was so hard to find in a web search but hopefully the search engines will pick up this blog post and save people some time!

See also:

VMware KB: VMware NSX for vSphere 6.x Controller deployment fails the error: Failed to power on VM NSX Controller
VMware KB: Stopping, starting, or restarting VMware vCenter Server Appliance 6.0 services

Friday, July 24, 2015

Using Postman to Explore the vRealize Operations Manager 6 API

If you are like me, the concept of REST was something I understood but as a vAdmin I had no exposure to actually using for automation tasks.  In short, the REST API provided with vR Ops 6 allows you to interact with vR Ops through scripts and workflows (i.e. vRealize Orchestrator).  But before jumping into that, it is helpful to understand, "How do I get to the REST API and what can I do?"

For that, I have prepared a video walking you through a set of Postman REST calls I put together in a collection.  I have grown to like Postman, which is a Google Chrome extension, as my REST client of choice.  Using Postman, I can formulate and test REST calls that I may wish to use with scripts and workflows, or just quickly grab information or make changes.

If you don't have Postman installed, it's easy enough to start.  Just install the extension; it's free (although there are additional costs for advanced features - I don't use any in this tutorial).

Next, you will need the link to my Postman collection for vR Ops 6.  Once you have that, you are ready to watch and then practice on your own.  You will, of course, also need your own instance of vR Ops to experiment with and I highly recommend you do this on a non-production system.

Tuesday, April 14, 2015

Adding New Property Sets in vRealize Automation 6

Build Profiles in vRA are a great time saver for managing sets of custom properties that share a common purpose.  When you create Build Profiles, you can add sets of custom properties without having to refer to the vRA documentation with Property Sets.

It would be handy to create your own property sets - for example, I'm always looking up the properties needed to envoke the Guest Agent.  I just can't seem to remember them!

Fortunately, you can do this in vRA by importing an XML document with the properties you want to create a custom Property Set.

The format for the XML is -

<?xml version="1.0" encoding="UTF-16"?>

    <Property Name="propertyname" DefaultValue="somevalue" Encrypted="true_false" PromptUser="true_false"/>

So, in my case, I created an XML document for Guest Agent properties as follows -

<?xml version="1.0" encoding="UTF-16"?>

    <Property Name="VirtualMachine.Admin.UseGuestAgent" DefaultValue="true" Encrypted="false" PromptUser="false"/>
<Property Name="VirtualMachine.Admin.CustomizeGuestOSDely" Encrypted="false" PromptUser="false"/>
<Property Name="VirtualMachine.Customize.WaitComplete" DefaultValue="true" Encrypted="false" PromptUser="false"/>
<Property Name="VirtualMachine.Software0.Name" Encrypted="false" PromptUser="false"/>
<Property Name="VirtualMachine.Software0.ScriptPath" Encrypted="false" PromptUser="false"/>

From the

Infrastructure tab > Blueprints > Build Profiles section in the UI, you can select the Manage Property Sets link to import the XML (scroll down to the bottom of the screen) -

Once imported, your Property Set is ready to use in Build Profiles -

Friday, April 10, 2015

A Postman Collection of vRealize Automation 6 API Calls

I recently had a demo request for the vRealize Automation 6 consumer REST API and I put together a quick collection of Postman REST calls for the demo so I wouldn't have to type them out or search my history during the demo.  I thought I would share them here as others might find this collection useful when exploring the API.

The collection JSON can be found here.

If you aren't familiar with Postman, it is a REST client add-on for Chrome that you can use to test and view API calls - very powerful and lots of features I haven't even explored.  I prefer the "packaged app" version rather than the Chrome plugin.

As of this posting, I have 8 REST calls in the collection.

  • Authenticate - contains the URI and JSON example form for requesting a bearer token.  You'll need the token for the rest of the actions, so explore this first.  Tokens are good for 24 hours by default.
  • Get IaaS Catalog Items - this is a GET for catalog items with a query on the end of the URL for the service ID associated with your IaaS service.  To get this ID, you'll need to run the "Get All Services" and examine the output to find the IaaS service ID.
  • Get All Services - as explained above.  You can also use this to modify the Catalog Items request to find ASD catalog items, AppService catalog items, etc.
  • Get A Catalog Item - Once you have a catalog item ID, you can update the URL and replace the example ID with your own.
  • Request Catalog Item - You'll need to do a little more work here.  For the most part, the example is good but you will want to modify the JSON request in the body to align with your catalog item's fields.  You'll note that I changed several values for some keys that have to modified with your specific environment information (for example, "CATALOG ITEM ID HERE").  For the request key:values modify the requestData/entries array to match the request form you would normally see in the UI.  An easy way to do this, is to use the CloudClient to export a previous request in JSON format and then you can copy the entries array to use with this request.  You could also use Postman to get a previous request and copy/paste from there, but I just find it easier to use CloudClient for that task because I then have a copy I can refer back to without having to get the request again.
  • Status of Request - You can always go into the vRA UI and check the status of a request, but programatically you can do the same using this call.
  • Resource Action Request - This example can be used to perform an action menu item request. Use the "Get Actions for a Resource" call to obtain the pertinent information for the request.
  • Get Actions for a Resource - As indicated above, precursor for running the "Resource Action Request" but note that the action IDs are global (i.e. Power off a VM) so if you are requesting the same action on multiple machines you don't need to modify the action ID each time.
Hope this helps.  Questions in comments or hit me on twitter @johnddias.