In my previous post on vROPs Tenant Appliance for vCD, I covered steps of manual deployment & configuration. In this post I will cover how we can achieve this via CLI/API.
These API’s can be leveraged via any scripting language to automate the deployment of vROPs TA.
Step 1: Deploy vROPs Tenant Appliance via ovftool
As of now there is no API for automating deployment of appliance via API, so we will use ovftool for this purpose.
|
1 |
ovftool --name=<vrops-ta-fqdn> --acceptAllEulas --X:logFile=ovftool.log --X:injectOvfEnv --allowExtraConfig --noSSLVerify --datastore=vsanDatastore --network=VM_MGMT --diskMode=thin --powerOn --prop:vrops_host=<vrops-fqdn> --prop:vami.ip0.vROps_Tenant_App_for_vCD=x.x.x.x.x --prop:vami.netmask0.vROps_Tenant_App_for_vCD=x.x.x.x --prop:vami.gateway.vROps_Tenant_App_for_vCD=x.x.x.x.x --prop:vami.domain.vROps_Tenant_App_for_vCD=<domain-name> --prop:vami.searchpath.vROps_Tenant_App_for_vCD=<domain-name> --prop:vami.DNS.vROps_Tenant_App_for_vCD=x.x.x.x.x "C:\Users\Administrator\Downloads\vROPS Tenant App\vROps-Tenant-App-for-vCD-2.3.0.33067-14826907_OVF10.ova" vi://root@<esxi-fqdn>/ |
Step 2: Get Authentication Token
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
Method: POST URL: https://<vrops-ta-fqdn>/suite-api/api/auth/token/acquire Authorization: none Headers: Content-Type: application/json, Accept: application/json Sample Payload: { "username":"admin", "password":"vROPS-Password" } |
Sample Output: Make a note of token value from response output.
|
1 2 3 4 5 6 7 8 |
{ "token":"b4cd0f31-422c-42a8-bd58-0435108c5b1a::3c57287c-6eff-4ede-8a99-0ed3f04fb7c2", "validity":1584440231189, "expiresAt":"Tuesday, March 17, 2020 10:17:11 AM UTC", "roles":[ ] } |
Note: If you are using Postman to execute API, you can use below snippet as test to save the obtained token as environment variable
var jsonData = JSON.parse(responseBody);
postman.setEnvironmentVariable(“vRops-TA-Token”, jsonData.token);
Step 3: Configure vCD as Endpoint to vROPs TA
vROPs TA can be used with both vCD & vCenter. In my environment I am using TA for vCD connection.
|
1 2 3 4 5 6 7 |
Method: GET URL: https://<vrops-ta-fqdn>/tenant-app-api/first_setup?solution=vcd Headers: Authorization: vRealizeOpsToken {{vROPs-TA-Token}} |
Step 4: Configure vROPs Credentials in Tenant Appliance
Tenant Appliance do not have any credentials of its own and it uses vROPs admin user credentials for login. But before we can use this credential, we have to configure this.
|
1 2 3 4 5 6 7 8 9 10 11 12 |
Method: POST URL: https://<vrops-ta-fqdn>/tenant-app-api/admincredential Authorization: vRealizeOpsToken {{vROPs-TA-Token}} Sample Payload: { "username":"vROPs-Admin", "password":"vROps-Password" } |
Step 5: Integrate Tenant Appliance with vCD for Plugin Access
In this step we are integrating vROPs TA with vCD, so that Tenants can view performance metric data in vCD itself without having them login to TA separately.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
Method: POST URL: https://<vrops-ta-fqdn>/tenant-app-api/services/service/tenant-app-plugin/start Authorization: vRealizeOpsToken {{vROPs-TA-Token}} Headers: Content-Type: application/json Sample Payload: { "amqpPort":5672, "amqpVHost":"/", "amqpUseSSL":false, "amqpUsername":"amqpuser", "amqpPassword":"amqp-password", "proxy":"<vrops-ta-fqdn>", "vcdInfo":{ "hostname":"vcd-fqdn", "username":"administrator@system", "password":"admin-password" }, "loading":true, "publish":true, "amqpHost":"rabbitmq-fqdn" } |
Step 6: Add local user (per tenant) for direct access to Tenant Appliance
If a tenant wants to login to Tenant Appliance to view performance metrics, service provider has to add local users/tenant. This is a 2 step process:
6a: Fetch Resource ID for a specific tenant.
|
1 2 3 4 5 6 7 |
Method: GET URL: https://<vrops-ta-fqdn>/suite-api/api/auth/users Headers: Authorization: vRealizeOpsToken {{vROPs-TA-Token}} |
Sample Output: From sample output make a note of resourceID associated with a specific tenant.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
{ "@enabled":"true", "id":"0e95b96b-ae1c-4780-958d-8392f8e0d70c", "username":"urn:vcloud:org:b9fc81e0-058c-451d-947a-9268a32512b1", "firstName":"urn:vcloud:org:b9fc81e0-058c-451d-947a-9268a32512b1", "lastName":"vStellar", "password":{ "@nil":"true" }, "emailAddress":"urn:vcloud:org:b9fc81e0-058c-451d-947a-9268a32512b1@vStellar.org", "groupIds":"1f33c934-3d25-481f-aa7f-b97a00a72a46", "roleNames":{ "roleName":"VCD Tenant Admin" }, "role-permissions":{ "role-permission":{ "@allowAllObjects":"false", "roleName":"VCD Tenant Admin", "traversal-spec-instances":{ "traversal-spec-instance":{ "@selectAllResources":"false", "adapterKind":"vCloud", "resourceKind":"vCloud World", "name":"vCloud Tenant", "resourceSelection":{ "resourceId":"5a6a5ae9-10b8-473b-9648-b9cd25f50e1d" } } } } } } |
6b: Add Local User for Tenant
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
Method: POST URL: https://<vrops-ta-fqdn>/suite-api/api/auth/users Headers: Authorization: vRealizeOpsToken {{vROPs-TA-Token}} Sample Payload: { "username":"manishj", "password":"password", "firstName":"Manish", "lastName":"Jha", "emailAddress":"manishj@vmware.com", "enabled":true, "role-permissions":[ { "roleName":"VCD Tenant Admin", "traversal-spec-instances":[ { "adapterKind":"vCloud", "resourceKind":"vCloud World", "name":"vCloud Tenant", "resourceSelection":[ { "type":"PROPAGATE", "resourceId":[ "5a6a5ae9-10b8-473b-9648-b9cd25f50e1d" ] } ] } ] } ] } |
And that’s it for this post.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing 🙂