thecloudxpert

Using the vRSLCM API to Deploy vRealize Operations (Single Node)

vRSLCM API vROps

Published on 27 August 2022 by Christopher Lewis. Words: 3122. Reading Time: 15 mins.

In this post, we will look at how we can use the VMware vRealize Suite Lifecycle Manager (vRSLCM) API to deploy vRealize Operations (vROps) in a single node deployment configuration into both a new and an existing vRSLCM environment.

We are going to be using cURL to complete API calls to complete the following operational tasks:

  • Create an SSL Certificate for vRealize Operations.
  • Download the vRealize Operations OVA from MyVMware (AKA VMware Customer Connect).
  • Create a new Environment and deploy VMware vRealize Operations 8.10.x (single node).
  • Adding a VMware vRealize Operations 8.6.x to an existing vRSLCM Environment.

This post is a part of a series that covers how we can install, configure and manage the vRealize Suite using the vRSLCM API.

Prerequisites

The following prerequisites are required for this blog post:

Walkthrough

Create an SSL Certificate for vRealize Operations

Overview

In this section we are going to use the vRSLCM API to create a self-signed certificate for the vROps single-node deployment. Self-signed certificates can be easily generated and used during the installation of the vRealize Suite components if no CA-signed certificate is available. If required, post-deployment, a CA-signed certificate can be generated and replace the self-signed certificate using vRSLCM.

API Request

The following REST API request is required:

  • Request Type: POST
  • Request URL: https://{vrslcm.fqdn}/lcm/locker/api/v2/certificates
  • Request Header(s):
    • Accept: application/json
    • Content-Type: application/json
    • Authorization: Basic {insert credential hash}
  • Request Body Values:
    • alias - the user friendly name for the certificate in the UI.
    • cN - the fqdn of the vip, such as vrops.thecloudxpert.local.
    • ip - (OPTIONAL) a list of IP addresses that should be included in the certificate.
    • host - a list of the fqdns of each host that should be included in the certificate.
    • oU - the Organizational Unit value for the SSL certitifcate.
    • size - the Key Length of the certificate, either 2048 or 4096.
    • o - the Organization value for the SSL certitifcate.
    • l - the Location value for the SSL certificate.
    • sT - the State value for the SSL certificate.
    • c - the Country Code value for the SSL certificate.

Note:
It is a strong recommendation not to include IP addresses in SSL Certificates unless strictly necessary because it removes the flexibility of easily changing IP addresses of appliances.

API Example

An example cURL command for this REST API is:

curl --location --request POST 'https://{vrslcm.fqdn}/lcm/locker/api/v2/certificates' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic {admin@local credential hash}' \
--data-raw '{
    "alias": "vRealize Operations",
    "cN": "vrops.thecloudxpert.local",
    "ip": [],
    "host": [
        "vrops.thecloudxpert.local"
        ],
    "oU": "thecloudxpert",
    "size": "2048",
    "o": "thecloudxpert",
    "l": "London",
    "sT": "United Kingdom",
    "c": "GB"
  }'

Note:
The –insecure flag is also required in the cURL command if you are using self-signed SSL certificates.

API Response

The response returned from a successful request (Status Code=200 OK) will be something like:

{
    "alias": "VMware vRealize Operations",
    "key": "{privateKey}",
    "certChain": "{chainCert}",
    "leafCert": "{leafCert}",
    "validations": [],
    "validity": {
        "period": "1 year, 11 months and 28 days",
        "expiresOn": "2024-05-28T11:40:48.000+0000",
        "issuedOn": "2022-05-29T11:40:48.000+0000",
        "healthy": true
    },
    "certInfo": {
        "subject": "CN=vrops.thecloudxpert.local,OU=thecloudxpert,O=thecloudxpert,L=London,ST=United Kingdom,C=GB",
        "issuer": "CN=vRealize Suite Lifecycle Manager Locker CA,O=VMware,C=IN",
        "san": "DNS: vrops.thecloudxpert.local",
        "algorithm": "SHA256WITHRSA",
        "keyAlgorithm": "RSA",
        "keyLength": 2048,
        "sha256": "{sha256 fingerprint}",
        "sha1": "{sha1 fingerprint}"
    }
}

For more information on Managing SSL Certificates in vRSLCM, see Using the vRealize Suite Lifecycle Manager (vRSLCM) API for vRSLCM Day 2 Operations - Managing SSL certificates .

Download the vRealize Operations OVA from MyVMware (AKA VMware Customer Connect)

Overview

In this section we are going to be using an API request to download the vRealize Operations installation Product Binaries (OVA) from My VMware (AKA VMware Customer Connect) to the vRSLCM appliance.

Note:
This section of the article was originally tested on vRSLCM 8.6 but I got a LCMVSPHERECONFIG1000087 error. Following a interweb search, I found KB86088 . This explains the reason for the error is that the source mapping logic in vRSLCM had a logical flaw in performing the mapping of the binaries causing the error. So I ended I decided to upgrade to vRSLCM 8.6.2, then I downloaded the vROps 8.6.2 OVA from the VMware Customer Connect portal, transferred the file into the /data directory of the appliance and manually mapped the vROps binary through the user interface.

POST API Request

The following REST API request is required:

  • Request Type: POST
  • Request URL: https://{vrslcm.fqdn}/lcm/lcops/api/v2/settings/my-vmware/product-binaries/download
  • Request Header(s):
    • Accept: application/json
    • Content-Type: application/json
    • Authorization: Basic {insert credential hash}
  • Request Body Values:
    • productId - The ID (or shortcode) for the specific product, in this instance we are going to be using vrops.
    • producName - The Name for the specific product, in this instance we are going to be using VMware vRealize Operations.
    • productVersion - The supported Version of the product, in this instance we are going to be using 8.6.2.
    • productBinaryType - The Binary Type, in this instance we are going to be using Install.
    • productBinaryPath - This should be set to null when downloading from My VMware.
    • componentName - This should be set to null when downloading from My VMware.
    • mappingType - This should be set to null when downloading from My VMware.
    • requestId - This should be set to null as it is generated as part of the API request.
    • removeBinary - This should be set to null when downloading from My VMware.

API Example

An example cURL command for this REST API is:

curl --location --request POST 'https://{vrslcm.fqdn}/lcm/lcops/api/v2/settings/my-vmware/product-binaries/download' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic {admin@local credential hash}' \
--data-raw '[
    {
    "productId": "vrops",
    "productVersion": "8.6.2",
    "productBinaryType": "Install",
    "productBinaryPath": null,
    "componentName": null,
    "mappingType": null,
    "productName": "VMware vRealize Operations",
    "requestId": null,
    "removeBinary": null
    }
]'

Note:
The –insecure flag is also required in the cURL command if you are using self-signed SSL certificates.

API Response

When submitting that request, a request is created and the API response should be a request ID for you to track. Something similar to:

{
    "requestId": "68ad91d7-8df5-4316-8a05-46d0875437dc"
}

Remeber we can track the progress of requests via the API too! Check out Using the vRealize Suite Lifecycle Manager (vRSLCM) API to track vRSLCM Requests for more information!

Create a new Environment and deploy VMware vRealize Operations 8.6.2 (Standard Deployment)

Overview

We are going use API calls to create a new vRSLCM Environment (called Production vROps) and deploy vRealize Operations in a standard deployment (single node) configuration. As we can see there is a lot of information required within the REST API body. This is because we are, essentially, creating an answer file for the deployment wizard we would be stepping through if we did this via the UI.

API Request

The following REST API request is required:

  • Request Type: POST
  • Request URL: https://{vrslcm.fqdn}/lcm/lcops/api/v2/environments
  • Request Header(s):
    • Accept: application/json
    • Content-Type: application/json
    • Authorization: Basic {admin@local credential hash}
  • Request Body Values:
    • environmentName - the friendly name of the environment when seen in the vRSLCM UI.
    • Infrastructure:
      • Properties:
        • dataCenterVmid - the target datacenter vmid in vRSLCM, see Using the vRealize Suite Lifecycle Manager (vRSLCM) API for vRSLCM Day 2 Operations - Managing Datacenters
        • vCenterName - the user friendly name of the vCenter Server.
        • vCenterHost - the FQDN of the vcenter server.
        • vcUsername - the vCenter username that has been assigned a role with sufficient priviliges in vCenter Server.
        • vcPassword - the password for the vCenter username. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password).
        • acceptEULA - a boolean value to accept the EULA.
        • enableTelemetry - a boolean value to accept / deny the Customer Experience Improvement Program (CEIP).
        • defaultPassword - the default password for the deployment. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password).
        • certificate - the default password for the deployment. This can be specified as a certificate stored in vRSLCM locker (using the format locker:certificate:{vmid}:{alias}).
        • cluster - the datacenter & cluster where the appliances will be installed (using the format {datacenter}#{cluster}).
        • storage - the name of the target datastore.
        • diskMode - The decision on wether to provision using thick or thin disks.
        • network - The name of the virtual switch port group for the network interface.
        • dns - A comma delimited list of DNS server IP Addresses.
        • domain - The DNS Domain for the virtual machine.
        • gateway - The IPv4 Gateway address for the vIDM network interface.
        • netmask The IPv4 Subnet Mask (such as 255.255.255.0).
        • searchpath - A comma separated list of the DNS Search domains.
        • timeSyncMode - This is either host or ntp. If we choose ntp then we also need to provide the FQDN or IPv4 address of the NTP servers in the ntp key/value pair.
    • Products:
      • id - The short code for the vRealize Suite product being installed. In this instance we are using vrops.
      • version - The version of the vRealize Suite product being installed. In this instance we are using 8.6.2.
      • Properties:
        • certificate - The default password for the deployment. This can be specified as a certificatestored in vRSLCM locker (using the format locker:certificate:{vmid}:{alias}).
        • productPassword - The default password for VRA. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password).
        • licenseRef - The vRSLCM locker reference for the product license (using the format locker:license:{vmid}:{alias}).
        • fipsMode - A boolean value on whether Federal Information Processing Standard (FIPS) should be enabled. Once enabled this cannot be disabled.
        • timeSyncMode - This is either host or ntp. If we choose ntp then we also need to provide the FQDN or IPv4 address of the NTP servers in the ntp key/value pair.
        • ntp - Assuming the timeSyncMode is set to ntp, this is the ip address/FQDN of the ntp servers.
        • deployOption - The size of the VIDM node(s) to be deployed. We’re going to be using xsmall.
        • isCaEnabled - Is vRealize Operations being configured for Continuous Availability? No.
      • ClusterVIP:
        • Not required for this example.
      • Nodes:
        • type - In a single node deployment this is always of node type master.
        • Properties:
          • vmName - The friendly name for the vRA appliance in vCenter Server.
          • hostName - The fqdn of the vRA appliance.
          • ip - The IPv4 address of the vRA appliance.
      • Collector Groups
        • Not required for this example.

API Example

An example cURL command for this REST API is:

curl --location --request POST 'https://{vrslcm.fqdn}/lcm/lcops/api/v2/environments' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic {admin@local credential hash}'
--data-raw '{
  "environmentId": "",
  "environmentName": "Production vROps",
  "infrastructure": {
    "properties": {
      "dataCenterVmid": "{dataCenterVmid}",
      "regionName": "",
      "zoneName": "",
      "vCenterName": "vcs01",
      "vCenterHost": "vcs01.thecloudxpert.local",
      "vcUsername": "{vcUsername}",
      "vcPassword": "{vcPassword}",
      "acceptEULA": "true",
      "enableTelemetry": "false",
      "defaultPassword": "locker:password:{vmid}:{alias}",
      "certificate": "locker:certificate:{vmid}:{alias}",
      "cluster": "{datacenter}#{cluster}",
      "storage": "{vcDatastore}",
      "folderName": "",
      "resourcePool": "",
      "diskMode": "thin",
      "network": "{network}",
      "masterVidmEnabled": "true",
      "dns": "{dnsServer1},{dnsServer2}",
      "domain": "thecloudxpert.local",
      "gateway": "{ipv4Gateway}",
      "netmask": "255.255.255.0",
      "searchpath": "thecloudxpert.local",
      "timeSyncMode": "ntp",
      "ntp": "{ntpServer1},{ntpServer2}",
      "isDhcp": "false"
    }
  },
  "products": [
    {
      "id": "vrops",
      "version": "8.6.2",
      "patchHistory": null,
      "snapshotHistory": null,
      "logHistory": null,
      "clusterVIP": {
        "clusterVips": []
      },
      "nodes": [
        {
          "type": "master",
          "properties": {
            "vmName": "vrops",
            "hostName": "vrops.thecloudxpert.local",
            "ip": "{Ipv4Address}"
          }
        }
      ],
     "collectorGroups": null,      
      "properties": {
        "certificate": "locker:certificate:{vmid}:{alias}",
        "productPassword": "locker:password:{vmid}:{alias}",
        "licenseRef": "locker:license:{vmid}:{alias}",
        "disableTls": "",
        "fipsMode": "false",
        "timeSyncMode": "ntp",
        "masterVidmEnabled": true,
        "ntp": "{ntpServer1},{ntpServer2}",
        "affinityRule": false,
        "configureAffinitySeparateAll": "true",
        "deployOption": "xsmall",
        "isCaEnabled": "false",
        "contentLibraryItemId": ""

      }
    }
  ]
}'

Note:
Remember, the –insecure flag is also required in the cURL command if you are using self-signed SSL certificates.

API Response

When submitting a successful request (Status Code = 200 OK), you should receive a response that shows the request id:

{
    "requestId": "74b67c6a-fca7-4538-8a63-5326d8226d33"
}

We can track the progress of vRSLCM requests via the API. Check out Using the vRealize Suite Lifecycle Manager (vRSLCM) API to track vRSLCM Requests for more information.

Once the state of the vRSLCM request is COMPLETED then the installation of vROps will have finished.

Adding VMware vRealize Operations 8.6.2 to an existing vRSLCM Environment

Overview

We are going use API calls to add a new deployment of vRealize Operations (standard deployment/single node) to an existing vRSLCM Environment (that has vRealize Automation (standard deployment/single node) already deplyed into it). This is a subtly different API call to the previous API call we completed to create a vRSLCM environment and deploy vROps into it. As we can see, just like the previous API call to cretae a new environment, there is a lot of information required within the REST API body. This is because we are, essentially, creating an answer file for the deployment wizard we would be stepping through if we did this via the UI.

API Request

The following REST API request is required:

  • Request Type: POST
  • Request URL: https://{vrslcm.fqdn}/lcm/lcops/api/v2/environments/{environmentId}/products
    • environmentId is the GUID used to represent the environment.
  • Request Header(s):
    • Accept: application/json
    • Content-Type: application/json
    • Authorization: Basic {admin@local credential hash}
  • Request Body Values:
    • environmentName - the friendly name of the environment when seen in the vRSLCM UI.
    • Infrastructure:
      • Properties:
        • dataCenterVmid - the target datacenter vmid in vRSLCM, see Using the vRealize Suite Lifecycle Manager (vRSLCM) API for vRSLCM Day 2 Operations - Managing Datacenters
        • vCenterName - the user friendly name of the vCenter Server.
        • vCenterHost - the FQDN of the vcenter server.
        • vcUsername - the vCenter username that has been assigned a role with sufficient priviliges in vCenter Server.
        • vcPassword - the password for the vCenter username. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password).
        • acceptEULA - a boolean value to accept the EULA.
        • enableTelemetry - a boolean value to accept / deny the Customer Experience Improvement Program (CEIP).
        • defaultPassword - the default password for the deployment. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password).
        • certificate - the default password for the deployment. This can be specified as a certificate stored in vRSLCM locker (using the format locker:certificate:{vmid}:{alias}).
        • cluster - the datacenter & cluster where the appliances will be installed (using the format {datacenter}#{cluster}).
        • storage - the name of the target datastore.
        • diskMode - The decision on wether to provision using thick or thin disks.
        • network - The name of the virtual switch port group for the network interface.
        • dns - A comma delimited list of DNS server IP Addresses.
        • domain - The DNS Domain for the virtual machine.
        • gateway - The IPv4 Gateway address for the vIDM network interface.
        • netmask The IPv4 Subnet Mask (such as 255.255.255.0).
        • searchpath - A comma separated list of the DNS Search domains.
        • timeSyncMode - This is either host or ntp. If we choose ntp then we also need to provide the FQDN or IPv4 address of the NTP servers in the ntp key/value pair.
    • Products:
      • id - The short code for the vRealize Suite product being installed. In this instance we are using vrops.
      • version - The version of the vRealize Suite product being installed. In this instance we are using 8.6.2 but it could be anything upto the latest version depending on what is supported in the vRSLCM we are running.
      • Properties:
        • certificate - The default password for the deployment. This can be specified as a certificatestored in vRSLCM locker (using the format locker:certificate:{vmid}:{alias}).
        • productPassword - The default password for VRA. This can be specified as a credential stored in vRSLCM locker (using the format locker:password:{vmid}:{alias}) OR as a plain text password).
        • licenseRef - The vRSLCM locker reference for the product license (using the format locker:license:{vmid}:{alias}). large is recommended for vRealize Automation deployments.
        • fipsMode - A boolean value on whether Federal Information Processing Standard (FIPS) should be enabled. Once enabled this cannot be disabled.
        • timeSyncMode - This is either host or ntp. If we choose ntp then we also need to provide the FQDN or IPv4 address of the NTP servers in the ntp key/value pair.
        • ntp - Assuming the timeSyncMode is set to ntp, this is the ip address/FQDN of the ntp servers.
        • deployOption - The size of the VIDM node(s) to be deployed. We’re going to be using xsmall.
        • isCaEnabled - Is vRealize Operations being configured for Continuous Availability? No.
      • ClusterVIP:
        • Not required for this example.
      • Nodes:
        • type - In a single node deployment this is always of node type master.
        • Properties:
          • vmName - The friendly name for the vRA appliance in vCenter Server.
          • hostName - The fqdn of the vRA appliance.
          • ip - The IPv4 address of the vRA appliance.
      • Collector Groups
        • Not required for this example.

API Example

An example cURL command for this REST API is:

curl --location --request POST 'https://{vrslcm.fqdn}/lcm/lcops/api/v2/environments' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic {admin@local credential hash}'
--data-raw '{
  "environmentId": "{environemntId}",
  "environmentName": "Production",
  "infrastructure": {
    "properties": {
      "dataCenterVmid": "{dataCenterVmid}",
      "regionName": "",
      "zoneName": "",
      "vCenterName": "vcs01",
      "vCenterHost": "vcs01.thecloudxpert.local",
      "vcUsername": "{vcUsername}",
      "vcPassword": "{vcPassword}",
      "acceptEULA": "true",
      "enableTelemetry": "false",
      "defaultPassword": "locker:password:{vmid}:{alias}",
      "certificate": "locker:certificate:{vmid}:{alias}",
      "cluster": "{datacenter}#{cluster}",
      "storage": "{vcDatastore}",
      "folderName": "",
      "resourcePool": "",
      "diskMode": "thin",
      "network": "{network}",
      "masterVidmEnabled": "true",
      "dns": "{dnsServer1},{dnsServer2}",
      "domain": "thecloudxpert.local",
      "gateway": "{ipv4Gateway}",
      "netmask": "255.255.255.0",
      "searchpath": "thecloudxpert.local",
      "timeSyncMode": "ntp",
      "ntp": "{ntpServer1},{ntpServer2}",
      "isDhcp": "false"
    }
  },
  "products": [
    {
      "id": "vrops",
      "version": "8.10.0",
      "patchHistory": null,
      "snapshotHistory": null,
      "logHistory": null,
      "clusterVIP": {
        "clusterVips": []
      },
      "nodes": [
        {
          "type": "master",
          "properties": {
            "vmName": "vrops",
            "hostName": "vrops.thecloudxpert.local",
            "ip": "{vmIpv4Address}"
          }
        }
      ],
     "collectorGroups": null,      
      "properties": {
        "certificate": "locker:certificate:{vmid}:{alias}",
        "productPassword": "locker:password:{vmid}:{alias}",
        "licenseRef": "locker:license:{vmid}:{alias}",
        "disableTls": "",
        "fipsMode": "false",
        "timeSyncMode": "ntp",
        "masterVidmEnabled": true,
        "ntp": "{ntpServer1},{ntpServer2}",
        "affinityRule": false,
        "configureAffinitySeparateAll": "true",
        "deployOption": "xsmall",
        "isCaEnabled": "false",
        "contentLibraryItemId": ""

      }
    }
  ]
}'

Note:
Remember, the –insecure flag is also required in the cURL command if you are using self-signed SSL certificates.

API Response

When submitting a successful request (Status Code = 200 OK), you should receive a response that shows the request id:

{
    "requestId": "74b67c6a-fca7-4538-8a63-5326d8226d33"
}

We can track the progress of vRSLCM requests via the API. Check out Using the vRealize Suite Lifecycle Manager (vRSLCM) API to track vRSLCM Requests for more information.

Once the state of the vRSLCM request is COMPLETED then the installation of vROps will have finished.

Assuming everything went successfully, vROps should now be installed into the existing Production vRSLCM environment along side vRealize Automation!

Wrapping It All Up!

In this post we used the vRSLCM API to deploy vROps 8.6.2 in a standard (single node) deployment model. To enable us to do this, we created a self-signed SSL certificate and added the vROps OVA into vRSLCM so it could be used as a source of the deployment. When deploying vROps, we looked at the two different ways to do this, either creating a new vRSLCM environment or adding it to an existing vRSLCM environment.

If this API this snippet has been helpful, make sure you checkout the rest of the series !

Published on 27 August 2022 by Christopher Lewis. Words: 3122. Reading Time: 15 mins.


Blog Categories: VMware vRealize Suite Lifecycle Manager vRealize Operations
Related Post(s):
Recent Posts:

Blog Categories:
active directory 6 aria automation 6 aws 2 blog 1 career 1 certificate authority 5 certificates 1 certification 91 cloud management 1 cloudnativecon 1 community 1 fun 1 general 9 hands on labs 1 home lab 2 kubecon 1 kubernetes 1 microsoft 7 nsx 45 nsx v 41 powercli 8 powershell 6 professional 1 reviews 1 vcap 48 vcap6 2 vcenter server 4 vcix 2 vexpert 9 vmug 5 vmware 99+ vmware aria 1 vmware aria automation 6 vmware aria operations 1 vmware cloud 3 vmware cloud director 1 vmware explore 2 vmware identity manager 2 vmworld 36 vrealize automation 78 vrealize automation saltstack config 1 vrealize business 2 vrealize log insight 1 vrealize operations 1 vrealize operations manager 5 vrealize orchestrator 11 vrealize suite 14 vrealize suite lifecycle manager 20 vsan 5 vsphere 9 windows 6
Top Tags:
active directory 6 api 18 barcelona 24 certificates 15 certification 7 howto 42 microsoft 7 multi tenancy 9 nsx v 43 platform services controller 8 powercli 8 powershell 7 psc 6 vcap 8 vcap6 45 vcap6 cma 47 vcap6 nv 37 vcix6 nv 36 vexpert 19 vmug 8 vmware 99+ vmware aria 6 vmware aria automation 6 vmworld 35 vmworld 2016 13 vmworld 2017 9 vra 13 vrealize 7 vrealize automation 74 vrealize operations 8 vrealize orchestrator 20 vrealize suite lifecycle manager 11 vrslcm 20 vsan 7 vsphere 12