Using the vRSLCM API to Create the Global Environment and Deploy VMware Identity Manager (Cluster Deployment)

Published on 23 August 2022 by Christopher Lewis. Words: 1362. Reading Time: 7 mins.

In this post, we will look at how we can use the VMware vRealize Suite Lifecycle Manager (vRSLCM) API to configure the Global Environment and install the VMware Identity Manager (VIDM) cluster. The Global Environment is required to install vRealize Automation and provides a Single Sign-On (SSO) Solution for the vRealize Suite.

We are going to use cURL to make the API calls that complete the following operational tasks:

  • Create the Global Environment and deploy VMware Identity Manager 3.3.5 (Cluster Deployment)

This post is a part of a series that covers how we can install, configure and manage the vRealize Suite using the vRSLCM API.

Prerequisites

The following prerequisites are required for this blog post:

Walkthrough

Deploy VMware Identity Manager (Cluster)

Overview

We are going to use this API call to create the Global Environment (aka globalenvironment) and deploy a VMware Identity Manager cluster. As we can see, there is a lot of information required within the REST API body. This is because we are, essentially, creating an answer file for the deployment wizard we would be stepping through if we did this via the UI.

API Request

The following REST API request is required:

  • Request Type: POST
  • Request URL: https://{vrslcm.fqdn}/lcm/lcops/api/v2/environments
  • Request Header(s):
    • Accept: application/json
    • Content-Type: application/json
    • Authorization: Basic {admin@local credential hash}
  • Request Body Values:
    • Infrastructure:
      • Properties:
        • dataCenterVmid - the target datacenter Id (see the Prerequisites section for information on obtaining this value)
        • vcName - the user friendly name of the vCenter Server.
        • vcFqdn - the FQDN of the vCenter Server.
        • vcUsername - the vCenter username that has been assigned a role with sufficient privileges in vCenter Server.
        • vcPassword - the password for the vCenter username. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password.
        • eula - a boolean value to accept the EULA.
        • ceip - a boolean value to accept / deny the Customer Experience Improvement Program (CEIP).
        • defaultPassword - the default password for the deployment. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password.
        • certReference - the certificate for the deployment. This can be specified as a certificate stored in vRSLCM locker (using the format locker:certificate:{vmid}:{alias}).
        • vcCluster - the datacenter & cluster where the VMware Identity Manager will be installed (using the format {datacenter}#{cluster}).
        • vcDatastore - the name of the target datastore.
        • diskMode - The decision on whether to provision using thick or thin disks.
        • portGroup - The name of the virtual switch port group for the network interface.
        • dnsServers - A comma delimited list of DNS server IP Addresses.
        • dnsDomain - The DNS Domain for the virtual machine.
        • ipv4Gateway - The IP v4 Gateway address for the vIDM network interface.
        • ipv4SubnetMask - The IP v4 Subnet Mask (such as 255.255.255.0).
        • dnsSearchDomain - A comma separated list of the DNS Search domains.
    • Products:
      • Properties:
        • defaultConfigAdminEmail - The default email address for the configuration user in VIDM.
        • defaultAdminPassword - The default password for VIDM. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password.
        • defaultConfigAdminUsername - The default config admin username for VIDM.
        • defaultConfigAdminPassword - The default password for VIDM. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password.
        • certReference - The certificate for the deployment. This can be specified as a certificate stored in vRSLCM locker (using the format locker:certificate:{vmid}:{alias}).
        • vidmNodeSize - The size of the VIDM node(s) to be deployed. This is a value of xsmall, small, medium, large, xlarge or xxlarge. A value of large is recommended for vRealize Automation deployments.
        • fipsEnabled - A boolean value on whether Federal Information Processing Standard (FIPS) should be enabled. Once enabled this cannot be disabled.
        • syncGroupMembers - A boolean value to decide whether to synchronise AD Group Members automatically.
      • Cluster VIP:
        • lbDnsNodeType - In a cluster deployment, this is always vidm-lb.
        • lbFqdn - This is the FQDN of the DNS record for the VIDM VIP.
        • lbIpNodeType - In a cluster deployment, this is always vidm-delegate.
        • lbIpv4Address - This is the IP v4 address for the VIDM VIP.
      • Nodes:
        • nodeType - In a cluster deployment the first node is always vidm-primary. The other two nodes (maximum 3 nodes) are classed as vidm-secondary.
        • Properties:
          • vmName - The friendly name for the VIDM appliance in vCenter Server.
          • vmFqdn - The fqdn of the VIDM appliance.
          • vmIpv4Address - The IP v4 address of the VIDM appliance.

API Example

An example cURL command for this REST API is:

curl --location --request POST 'https://{vrslcm.fqdn}/lcm/lcops/api/v2/environments' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic {admin@local credential hash}' \
--data-raw '{
  "environmentId": "globalenvironment",
  "environmentName": "globalenvironment",
  "infrastructure": {
    "properties": {
      "dataCenterVmid": "{dataCenterVmid}",
      "regionName": "",
      "zoneName": "",
      "vCenterName": "{vcName}",
      "vCenterHost": "{vcFqdn}",
      "vcUsername": "{vcUsername}",
      "vcPassword": "{vcPassword}",
      "acceptEULA": "{eula}",
      "enableTelemetry": "{ceip}",
      "defaultPassword": "{defaultPassword}",
      "certificate": "{certReference}",
      "cluster": "{vcCluster}",
      "storage": "{vcDatastore}",
      "folderName": "",
      "resourcePool": "",
      "diskMode": "{diskMode}",
      "network": "{portGroup}",
      "masterVidmEnabled": "false",
      "dns": "{dnsServers}",
      "domain": "{dnsDomain}",
      "gateway": "{ipv4Gateway}",
      "netmask": "{ipv4SubnetMask}",
      "searchpath": "{dnsSearchDomain}",
      "timeSyncMode": "host",
      "ntp": "",
      "isDhcp": "false",
      "vcfProperties": "{\"vcfEnabled\":false,\"sddcManagerDetails\":[]}",
      "_selectedProducts": "[{\"id\":\"vidm\",\"type\":\"new\",\"selected\":true,\"sizes\":{\"3.3.5\":[\"standard\",\"cluster\"]},\"selectedVersion\":\"3.3.5\",\"selectedDeploymentType\":\"standard\",\"tenantId\":\"Standalone vRASSC\",\"description\":\"VMware Identity Manager ™ enables quickly and easily provision apps, apply conditional access controls, and enable secure single sign-on (SSO) to SaaS, web, cloud and native mobile apps using a self-service catalog.\",\"detailsHref\":\"https://docs.vmware.com/en/VMware-Identity-Manager/index.html\",\"errorMessage\":null,\"productVersions\":[{\"version\":\"3.3.5\",\"deploymentType\":[\"standard\",\"cluster\"],\"productDeploymentMetaData\":{\"sizingURL\":null,\"productInfo\":\"VMware Identity Manager - 3.3.5\",\"deploymentType\":[\"Standard\",\"Cluster\"],\"deploymentItems\":{\"Node Count\":[\"1\",\"3\"]},\"additionalInfo\":[\"*Standard - One vIDM node will be deployed\",\"*Cluster - Three vIDM node will be deployed\"]}}]}]",
      "_isRedeploy": "false",
      "_isResume": "false",
      "_leverageProximity": "false",
      "__isInstallerRequest": "false"
    }
  },
  "products": [
    {
      "id": "vidm",
      "version": "3.3.5",
      "properties": {
        "defaultConfigurationEmail": "{defaultConfigAdminEmail}",
        "vidmAdminPassword": "{defaultAdminPassword}",
        "syncGroupMembers": {syncGroupMembers},
        "nodeSize": "xsmall",
        "defaultConfigurationUsername": "{defaultConfigAdminUsername}",
        "defaultConfigurationPassword": "{defaultConfigAdminPassword}",
        "defaultTenantAlias": "",
        "vidmDomainName": "",
        "certificate": "{certReference}",
        "contentLibraryItemId": "",
        "fipsMode": "{fipsEnabled}"
      },
      "clusterVIP": {
        "clusterVips": [
          {
            "type": "{lbDnsNodeType}",
            "properties": {
              "hostName": "{lbFqdn}"
            }
          },
          {
            "type": "{lbIpNodeType}",
            "properties": {
              "ip": "{lbIpv4Address}"
            }
          }
        ]
      },
      "nodes": [
        {
          "type": "{nodeType}",
          "properties": {
            "vmName": "{vmName}",
            "hostName": "{vmFqdn}",
            "ip": "{vmIpv4Address}"
          }
        },
        {
          "type": "{nodeType}",
          "properties": {
            "vmName": "{vmName}",
            "hostName": "{vmFqdn}",
            "ip": "{vmIpv4Address}"
          }
        },
        {
          "type": "{nodeType}",
          "properties": {
            "vmName": "{vmName}",
            "hostName": "{vmFqdn}",
            "ip": "{vmIpv4Address}"
          }
        }
      ]
    }
  ],
  "metaData": {
    "isCloudProxyEnvironment": "false"
  }
}'

Note:
Remember, the --insecure flag is also required in the curl command if you are using self-signed SSL certificates.
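
The request body accepts passwords either as locker references or as plain text, and the node and VIP types are fixed for a cluster, so the body can be checked before it is sent. The following Python check is an added example, not code from the original post or from vRSLCM; the function names and the sample vmids, aliases, host names and addresses are made up, and the pattern checks only the shape locker:{kind}:{vmid}:{alias}.

```python
import re

# Locker reference shape from the post: locker:{kind}:{vmid}:{alias}
LOCKER_REF = re.compile(r"^locker:(password|certificate):[^:\s]+:[^:\s]+$")
PLACEHOLDER = re.compile(r"^\{\w+\}$")  # a template value such as "{vcPassword}" left in place
SECRET_KEYS = {"vcPassword": "password", "defaultPassword": "password",
               "vidmAdminPassword": "password", "certificate": "certificate",
               "defaultConfigurationPassword": "password"}

def lint_request(body):
    """Return findings for a POST /lcm/lcops/api/v2/environments body (empty list = clean)."""
    findings = []
    product = body["products"][0]
    for scope, props in (("infrastructure", body["infrastructure"]["properties"]),
                         ("products[0]", product["properties"])):
        for key, value in props.items():
            if isinstance(value, str) and PLACEHOLDER.match(value):
                findings.append(f"{scope}.{key}: placeholder not replaced")
            elif key in SECRET_KEYS:
                ref = LOCKER_REF.match(str(value))
                if not ref or ref.group(1) != SECRET_KEYS[key]:
                    findings.append(f"{scope}.{key}: not a locker {SECRET_KEYS[key]} reference")
    # Cluster shape described in the post: one vidm-primary and two vidm-secondary nodes.
    types = sorted(node["type"] for node in product["nodes"])
    if types != ["vidm-primary", "vidm-secondary", "vidm-secondary"]:
        findings.append(f"nodes: expected 1 primary and 2 secondary, got {types}")
    vips = {v["type"]: v["properties"] for v in product["clusterVIP"]["clusterVips"]}
    for kind, field in (("vidm-lb", "hostName"), ("vidm-delegate", "ip")):
        if not vips.get(kind, {}).get(field):
            findings.append(f"clusterVips: {kind} entry with {field} missing")
    return findings

def sample_body():
    """Constructed sample: every vmid, alias, name and address here is made up."""
    def node(kind, n):
        return {"type": kind, "properties": {"vmName": f"vidm0{n}",
                "hostName": f"vidm0{n}.example.test", "ip": f"192.0.2.{10 + n}"}}
    pw, cert = "locker:password:vmid-0001:vidm-admin", "locker:certificate:vmid-0002:vidm-cert"
    return {
        "infrastructure": {"properties": {"vcPassword": pw, "defaultPassword": pw,
                                          "certificate": cert}},
        "products": [{"id": "vidm", "version": "3.3.5",
            "properties": {"vidmAdminPassword": pw, "defaultConfigurationPassword": pw,
                           "certificate": cert, "nodeSize": "xsmall"},
            "clusterVIP": {"clusterVips": [
                {"type": "vidm-lb", "properties": {"hostName": "vidm.example.test"}},
                {"type": "vidm-delegate", "properties": {"ip": "192.0.2.10"}}]},
            "nodes": [node("vidm-primary", 1), node("vidm-secondary", 2),
                      node("vidm-secondary", 3)]}],
    }
```

Calling lint_request on the parsed JSON body returns an empty list when every secret is a locker reference and the cluster layout matches; each finding names the offending key.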

API Response

When submitting a successful request (Status Code = 200 OK), you should receive a response that shows the request id:

{
    "requestId": "globalenvironment"
}

We can track the progress of vRSLCM requests via the API. Check out Using the vRealize Suite Lifecycle Manager (vRSLCM) API to track vRSLCM Requests for more information.

Once the state of the vRSLCM request is COMPLETED we can then continue on to complete the upgrade.

Wrapping It All Up!

In this post we used the vRSLCM API to create a globalenvironment within a new deployment of vRSLCM. It is important to understand that you can only ever have one globalenvironment within a vRSLCM instance. This means you can also only have one VIDM install per vRSLCM deployment.

Now that we have the VIDM cluster installed, we can install other vRealize Suite products into a new vRSLCM environment that can make use of VIDM as a single sign-on source.

If this API snippet has been helpful, make sure you check out the rest of the series!
