I’ve recently been working with Ansible as a configuration management solution. Workloads deployed from vRealize Automation to the private cloud are handed off to Ansible Tower, whereas existing infrastructure is managed in the downstream product – AWX. This is mainly
Enabling HashiCorp Vault Lookups in Ansible AWX – Part 2
Earlier in the year, I wrote about how to create a Python virtual environment on Ansible AWX to run the HashiCorp lookup module.
The last task is to create the credentials to support the Vault lookup, followed by configuring the necessary variables in the inventory.
Using Continuous Deployment to Provision VDI Desktops
Back in May, I wrote about using GitLab to automate my server builds using HashiCorp Packer. Whilst it is trivially easy to update it to accommodate desktop builds for our VDI users, I now needed a solution to automate the entire workflow – building the image and updating my VMware Horizon desktop pool. In this post, I will document how to do just that,
Enabling HashiCorp Vault Lookups in Ansible AWX
Recently I’ve decided to change how I retrieve privilege escalation credentials for production hosts added to Ansible AWX. When I first started out I only had a few machines, so the root/Administrator credential was defined on each host. Whilst this approach is fine for a limited amount
Modifying AWS Route53 Records in vRealize Automation – Part 2
In part 1 of this short series, I set the scene for a blueprint VM requiring a DNS record to be created in AWS Route53. I documented the vRO resource and configuration elements that would be needed, along with a handful of actions. In the final part, we tackle the main workflow plus
Modifying AWS Route53 Records in vRealize Automation – Part 1
I recently built a vRealize Automation blueprint in the lab that provisions a vSphere machine into the DMZ which could be accessed externally. For users to be able to connect to this machine it will need a DNS record to be created in my external DNS domain, which is hosted with Amazon Web Services.
Adding Internal CA SSL chains to Ansible AWX
I’m currently in the process of integrating my HobbitCloud machines into Ansible AWX. After creating an inventory, establishing my groups and adding my hosts, I began to create an SCM-based project that connects to my internal GitLab server. Unfortunately, I ran straight into an error.
Wednesday Tidbit: Automate VMware OSOT for your VDI Images
The other day I tweeted a short bit of code on how to automate the zeroing-out of your VDI images using SDelete:
I got quite a few DMs afterwards asking if it was possible to do the same with VMware’s OS Optimization Tool.
So without further ado, here’s the code I use as the last step in my Packer builds before closing them down for svMotioning:
$ErrorActionPreference = "Stop"
$webserver = "webserver.contoso.local"
$url = "http://" + $webserver
$files = @("VMwareOSOptimizationTool.exe","VMwareOSOptimizationTool.exe.config","my_osot.xml")
$exe = $files[0]
$arg = "-o -t " + $files[2]

# Verify connectivity
if (Test-Connection $webserver -Quiet) {
    # Get the OSOT files
    ForEach ($file in $files)
    {
        Invoke-WebRequest -Uri ($url + "/" + $file) -OutFile $env:TEMP\$file
    }
} else {
    throw "No connection to server. Aborting."
}

# Change to temp folder
Set-Location $env:TEMP

# Run OSOT
Try
{
    Start-Process $exe -ArgumentList $arg -Passthru -Wait -ErrorAction stop
}
Catch
{
    Write-Error "Failed to run OSOT"
    Write-Error $_.Exception
    Exit -1
}

# Delete files
ForEach ($file in $files)
{
    Remove-Item -Path $env:TEMP\$file -Confirm:$false
}
Please remember to swap out your web server and to specify your own XML file. You could also YOLO it and use one of the built-in templates…
…but don’t be surprised when you cripple half your apps 🙂
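The script above downloads an executable over plain HTTP and runs it inside the image build, so the following added example (not the author's code) checks each file against a pinned SHA-256 before OSOT is started. The hash strings are placeholders to be replaced with values computed from copies you trust, and `$expected` and `Get-VerifiedFile` are hypothetical names introduced here.

```powershell
$ErrorActionPreference = "Stop"
$webserver = "webserver.contoso.local"   # same placeholder host as the script above
$url       = "http://" + $webserver

# Pinned SHA-256 values. PLACEHOLDERS: replace with hashes computed via
# Get-FileHash -Algorithm SHA256 on copies you trust.
$expected = @{
    "VMwareOSOptimizationTool.exe"        = "<SHA256-OF-OSOT-EXE>"
    "VMwareOSOptimizationTool.exe.config" = "<SHA256-OF-OSOT-CONFIG>"
    "my_osot.xml"                         = "<SHA256-OF-YOUR-TEMPLATE>"
}

# Hypothetical helper: download one file and return its path only if the hash matches.
function Get-VerifiedFile {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Sha256
    )
    $path = Join-Path $env:TEMP $Name
    Invoke-WebRequest -Uri ($url + "/" + $Name) -OutFile $path -UseBasicParsing
    $actual = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    if ($actual -ne $Sha256) {            # -ne compares strings case-insensitively
        throw "Hash mismatch for ${Name}: expected $Sha256, got $actual"
    }
    return $path
}

try {
    # Verify every file before anything is executed
    foreach ($name in $expected.Keys) {
        Get-VerifiedFile -Name $name -Sha256 $expected[$name] | Out-Null
    }

    # Run OSOT with the same arguments as the original script
    $exe = Join-Path $env:TEMP "VMwareOSOptimizationTool.exe"
    Start-Process -FilePath $exe -ArgumentList "-o -t my_osot.xml" `
        -WorkingDirectory $env:TEMP -PassThru -Wait
}
finally {
    # Remove the downloaded files whether verification and OSOT succeeded or not
    foreach ($name in $expected.Keys) {
        Remove-Item -Path (Join-Path $env:TEMP $name) -Force -ErrorAction SilentlyContinue
    }
}
```

Keep the pinned hashes in the Packer template or its Git repository rather than on the web server that hosts the files, otherwise anyone who can alter the download can alter the hash as well.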
Wednesday Tidbit: PowerShell’s Import-PFXCertificate Removes the Private Key
I’ve been working on a complex automation solution recently in the lab, and one task was to import a certificate to be used by VMware Horizon.
Those familiar with Horizon will know that any certificate used will need to have its corresponding private key which will also need to be exportable. The certificate also needs to have a friendly name of “vdm”.
Custom Naming in vRealize Automation 7.x
When adding extensibility to your vRealize Automation platform, it’s important to get the basics right first. All too often it’s tempting to rush off and build complex blueprints whilst forgetting about the building blocks of good infrastructure, like naming and IPAM. Here I’m going to demonstrate how I do custom naming for workloads in my environment.