Stage 0: I Should Have Clicked the Button
This post, right here, is one of the reasons why vRA 7 is leagues ahead of vRA /vCAC 6.x. In vRA 6 you had to manually ensure that each of the many, MANY pre-requisites for installing the IaaS server on a Windows machine were exactly right before trying. If even the slightest detail was incorrect you had to start over again (and I mean from the vRA appliance forward. It broke everything). vRA 7 has a nice pre-req checker that tells you if your out of compliance with any of the requirements and wont let you continue until you’re done. Crucially, it has a button labelled “Fix” that I didn’t know about that will sort EVERYTHING for you automatically. I didn’t know about this the first time so spend a good few hours manually sorting all the pre reqs before starting. This was a waste of time…
So, if you want to get going quickly and easily keep reading. If you wan to see what is required first hand in getting a server ready for an IaaS install (and it is interesting to see how it all fits together) I would like to direct you to the alternative version of this bog “Part 3 a”<<<COMING SOON>>>
Stage 1: Getting Your Server Ready
NOTE: I’m assuming that you have provisioned a vanilla Windows 2012 R2 server ready to be used as the IaaS server. It must be:
- Part of the same domain as the vRA appliance
- Be registered in DNS
- Have no ports blocked between it and the vRA VA (personally I just turn the FW off in the lab).
- Meet the minimum system requirements of 2 x vCPU, 8GB RAM, 30GB HDD space (in addition to Windows)
- For a lab environment you CAN drop the RAM after install but not before completion.
Stage 2: Install IaaS Management Agent
Before starting the main install of the IaaS server you need to install the IaaS Management Agent on the IaaS server (It looks for it in the initial setup). You can get this by navigating to the URL https://<VRA Appliance FQDN>:5480/installer on the iaas server.
This brings up a page with various packages available for download from the vRA7 appliance server. We’re interested in the top one at this time. Click the link to download the Management Agent Installer.
Save this file somewhere easy on your IaaS server and then run the installer to start the wizard. Continue through until you reach the Management Site Service window.
At this stage you’ll be asked to fill out a few important fields. The main thing to note here is that if you get the vRA appliance address incorrect (or the UN/pwd) you will be unable to load the SHA1 fingerprint and continue.
You also have to tick the box confirming that you know the fingerprint is correct. I’m not checking this in this guide but you should do in a production environment (steps on how to do this will be in the “enterprise” deployment blog).
Once you’ve got the URL, Username and Password correct you’ll be able to load the fingerprint and continue.
Next you’ll be asked to ender the active directory account created earlier that will be used to run the Management Agent Service. This must have local admin rights as well as Logon as a service and logon as batch job rights.
NOTE: If you need to enable the logon as a service right for the account but dont know how to Follow this link to the Microsoft TechNet article describing how to achieve this.
Stage 4: Starting the IaaS Install Automation Wizard
Now we’re finally ready to start the main IaaS install and configuration using the new Wizard process. To start, navigate to the following URL in a browser from the IaaS server:
This will bring you to a logon screen where you need to log on as root with the password specified in Part 1 of this blog series.
Once you successfully logon for the first time the Wizard should automatically start.
IMPORTANT: The Wizard will only start ONCE. if you get part way through the process and quit you will not be able to initiate setup via this method again. If this happen you’ll have to use the old fashioned method of install and configuration.
After the EULA you get to select your instillation type. For this exercise we are installing vRA 7 in the Minimal Deployment type so ensure this is selected. You also get the option to deselect the Infrastructure as a Service option to not install the IaaS server portion of vRA (and thus rely on Advanced services and Orchestrator). We want to be able to use the ‘easy’ Blueprints in the test environment so we’re going to install it (i.e. ensure it’s checked as an option).
Now there is the first of two prerequisite check screens. This is checking for the pre-reqs for the install to begin. the screen below shows you how the screen looks if you have NOT deployed the IaaS Management agent on this server already (or if it’s not contactable).
You’ll be unable to proceed unless the agent shows up and can contact the vRA 7 appliance. As we have already installed and configured the agent you should see something like this…
Note: In the above screenshot time sync was out as my windows box wasn’t using the same time sync as the ESXi host. The install fixes this which is why the NTP configuration option is important. It must be set to the same as the source for the appliance.
Next up is the important bit. The prerequisite checker screen. vRA 7 IaaS is still very specific in what you need to be able to successfully install the componant on the Windows server. There’s a LONG list of things that have to be ‘just so’ listed in the manual. If you want to know how everything hangs together and what needs to be changed check out “Part 3a” of my guide where i do everything manual because I thought I had to. If not… Click the Run button and the wizard will go off and start checking the system for you.
Once you’ve click to start the process the screen will show the status. First off you’ll see something like that shown below. The name of the IaaS server is displayed and a “waiting….” style message appears. On my lab this took 3-5 mins.
Soon after you’ll probably be greeted with something like this telling you that your server isn’t configured right…
Now, in vCAC / vRA 6.x this would mean checking every setting it said was wrong (or guessing) or reinstalling if everything looked ok (but wasn’t). In vRA 7, however, VMware have made this bit far, far better that before.
You can simply click the “Fix” button on the pre-req checker screen and the wizard will go off and fix pretty much everything for you (A restart will be required). It looks like this:
I tried this twice and it worked perfectly both times. Your mileage may vary but i gave it a vanilla Windows 2012 R2 server and it behaved brilliantly. Anyone coming from vCAC / vRA 6.x will understand how big of a deal this is!
If y0ur server requires a reboot let it come back up and re navigate to: https://<vr_server>:5480 and log back in as root. The Wizard will (should) restart where it left off. You should find that the wizard restarts at the pre-req checker stage. Re run, ensure things are ok and continue on…
Once you’re done you can continue on to the vRealize Automation Host specification page. you can enter the host manually if you want or, as I prefer, click the Resolve Automatically option and the wizard should resolve the FQDN itself. NOTE: The screenshot below has the Enter Host option selected the one we’re talking about appears beloe.
I actually think this is a good test that everything is working correctly before going any further as the management service SHOULD be able to see the appliance at this point. If you can’t then you might want to fix that first! (Remember NOT to cancel the wizard).
It will look something like this if it’s working:
Once the appliance information has been entered it’s on to specifying the administrator password for the default tenant account. The default tenant account is the part of vRA when you can log in and configure everything important vRA related INCLUDING creating other tenants and setting up permissions for others to use them.
This is the only tenant that can do this so be sure not to lose this password or set it to something completely esoteric for no reason.
We now need to specify the configuration parameters for the IaaS server (the one you’re on).
The IaaS web address should be the same as the DNS entry you’ve set up (i.e. the servers FQDN if you get windows do it when you joined the domain).
The Install IaaS Components on drop down should only have one entry (this server).
The Username field should be set to the domain account you set up right at the beginning that has local admin rights on this server. The password is, obviously, the one you set.
Security Passphrase is very important. Communication to the SQL database will require the use of an encryption key (that you’re setting here). This must be remembered at al costs. Recovery in the event of a failure without this phrase is not possible. I personally like to go with something long but memorable such as “thephantommenacewascompletegarbageandyouknowit” just ensure you remember it!
Next is the SQL server configuration. You don’t have to have pre created a database as the wizard will do this for you. In the lab we’re using default settings and Windows Authentication. Just ensure that the account you’re logged on as / Running the Management agent as is also a dbcreator / sysadmin on your SQL server before continuing.
Next up is the Distributed Execution Managers setup. DEMs are actually two separate processed. The DEM-Orchestrator that takes care of scheduling asks within vRA and the DEM-Worker which handles the actual execution of vRA tasks (up to 15 per DEM-W).
These are installed to an IaaS server (in our case THIS IaaS server) they need a name and a description (I’ve not been very creative in the example below). These processes run as Windows services so the username and password must be from an account that has Logon As A Service Rights in the IaaS system. This is the account we set up earlier.
On to the next step… Agents. This is where you enter the infomration used to set up the communication between the vRA install and you vCenter & vSphere endpoints. vRA will then install and agent that allows communication between the two systems. Remember, vCenter doesn’t know about vRA, it’s vRA that gathers information on vCenter and then send requests. The agent is the go-between / proxy for this two way communication.
IMPORTANT: The Endpoint name and Agent Name fields should be descriptive and the SAME. This is because the explicit name of these two inputs are used in the configuration of vRA down the line and it’s something you have to manually type in and GET RIGHT. Specifically, there’s no way I know of getting the correct Endpoint name if you can’t remember it or didn’t call it the same as the Agent (which shows up in Windows services). So, if you forget and want to configure an endpoint manually for an agent you can’t remember the name of you’re left with a free form text box and not a hope in heck! This is one of the parts of vCAC that seems to have carried over…. It needs to go!
So, enter sensible information and the details of the relevant username and password (that has vCenter Admin rights in this case) and continue. As before, in a production environment this would probably be a separate account.
Now it comes to Certificates. These are tricky in vRA under an enterprise install. BUT, in a minimal install you are allowed to use Self-Signed Certificates. And we are most certainly going to do this! First up is the certificate for the virtual appliance.
The screen below shows the result of the following procedure.
Select the Generate Certificate option.
Type in a relevant Organisation, Organizational unit and country code (the first two can be whatever, the country code needs to be right).
Click Save Generated Certificate and wait a sec.
The screen will refresh to that shown below.
Now on to the creation of the Web certificate for the IaaS server. Same procedure as before using the same values and you should be left looking at a screen as shown below. This is a time saving of about 3 hours and two servers over the enterprise way of doing this section.
Finally… the Manager service certificate. It should pick up that it’s on the same box as the IaaS Web server and use the cert you just generated. It will look something like this.
The wizard is now almost done. It’s time to validate the install. Click the Validate button and you’re away. Progress will be shown like the screenshot below.
Take note of this line. It really does take this long. Go make another cuppa…
After the wait you should be greeted with this. We’re finally ready to install.
The next screen gives very important advice. vCAC 6.x was notorious for failing the install and leaving everything in such a state that you had to rebuild from scratch (yes, seriously) and try again with fingers crossed. Guard against this possibility by snapshotting the vRA appliance, this IaaS server and the SQL server before attempting the install. It’s worth the wait!
Once you’ve done this it’s time to ignore this next screen and press Install.
Now all you need to do is wait while everything gets installed and configured. a pretty helpful status is shown.
NOTE: I ended up with a screen showing “success” and “100%” install but with the final item on the list still showing as in progress. This is, I think, a bug. everything had completed fine and the system functions as expected.
Once the install is complete vRA will ask you for the licence key.
NOTE: You don’t HAVE to enter a key at this time. However, you can’t do anything if you don’t as there’s no free trial period with vRA 7. If you go on without the key you can display the logon page and sign in. However, it just sits there with a spinning wheel and wont load the mains creen
Next to the option to turn on telemetry which sends info to VMware. IMO this product needs all the help it can get (despite being awesome). Turn it on.
Finally there is the option to create a vRA catalog items that will go off and create a suite of blueprints for you to get you started. This is quite a cool idea and takes the guess work out of navigating the interface the first time. it’s basic but its useful.
You simply need to choose a password for a user that will be created called configurationadmin. In the next stage you’ll log in as this user and run the process to create initial blueprints.
Click the Create Initial Content button and you should see:
That’s it! Now it’s time to log in and create some blueprints. This will be covered in part 4 of this series!