Cloud Services

Enterprise Marketplace

VMware Aria Automation integration
Published On Jun 13, 2024 - 1:04 PM

VMware Aria Automation integration

Instructions for integrating VMware Aria Automation (formerly vRealize Automation (vRA)) with Kyndryl Modern Operations Applications.
Before you can create catalogs using the services provided by VMware Aria Automation, you must link the two systems using WebHook.
Aria Automation was called vRA when this procedure was developed, so it is referred to as that throughout the code.

Roles required

The following roles are required for integration of Aria Automation:
  • Platform Administrator:
    Needed for generating a WS Token.
  • Catalog Administrator:
    Needed to run the wiring adapter process.

Procedure

To link Kyndryl Modern Operations Applications with Ara Automation, complete the following steps:
  1. In Kyndryl Modern Operations Applications, navigate to the
    Developer Console
    . To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. Click the
    Bearer Token
    tab.
  3. Click
    Display
    to generate and display a bearer token.
  4. Click the
    Copy
    icon to copy the token. Put this somewhere secure, as you will need it later.
  5. Run the following API to generate the WS Token. This API will use UserName/userID and API key as Authorization along with the bearer token in the
    Authorization
    tab in Postman.
    • Method:
      POST
    • API
      :  <Env>/api/wsmesh/v1/config/tokens
    • Parameters:
      • Name:
         This name must be unique in the system.
      • Broker:
         Use
        “mcmp:consume:service”
        .
      • Single_use
        : Set as
        false
        if you want to use the WS Token multiple times, or
        true
        if you only want to use it once.
  6. In the Version 4 section, click
    Generate a version 4 UUID
    . Record the Proxy ID for later.
  7. Log in to the Proxy Adapter service and pull the latest Proxy Adapter Code from Git to the specified folder.
    • VM IP
      : 169.45.173.124
    • Path:
      /root/websocket-setup
  8. Navigate to the
    proxy-adaptor-tarball
    folder and verify the Docker JSON for Image Name (set it to 'latest' for master and ' release-YYYY.MM.DD' for Release setup).
  9. Run the
    tar ball
    command:
    ./create_tar.sh dockerImages.json "root:<proxy-adaptor-ID>" ) ibmcb-docker-local.artifactory.swg-devops.com/cb-vra-proxy-adapter-int:latest
  10. Change the
    config.sh
    file in
    /root/websocket-setup/cb-vra-proxy-adapter-installer/proxy-adapter-installer
    to reflect your system architecture. For more information about the parameters, see Parameters explanation.
  11. Run
    Run_Setup_sh
    to perform the wiring process. Use the following format:
    ./Master_setup.sh <User ID ><Api-Key>::<Bearer-Token><UserID><API-Key>
  12. Run the command
    docker ps
    and make sure that the Docker container is running. Check the Docker container logs to make sure the connection was made successfully.
  13. Run docker
    logs -f
    and check the Docker container logs to make sure the output looks similar to the following. This indicates the container is running and has an active heartbeat.
The wiring process is complete. You can start discovery and do further testing for Aria Automation using WS Mode.

Docker commands related to container

The following commands are useful for managing your Docker containers:
  • docker logs -f <container ID>:
    Used to check the container logs of the container identified by the ID.
  • docker stop container <container ID>:
    Stops a running/active container identified by ID.
  • docker rm <container ID>:
    Kills/Removes the active container identified by the ID.

Parameters explanation

The following parameters are included in the
config.sh
file.
#websocket configuration
  • ws_adapter=true
  • proxy_id=<Proxy ID generated via UUID tool >
  • host=ibm.gravitant.net
  • application=mcmp:consume:service
  • protocol=<Provider Code >
  • ws_token_name=<token Name used to generate WS Token>
  • ws_token=yIye-<Actual Token >
  • cleanup_proxies=false/true (if you want to clean old Proxy ID ,keep true , else false )
  • unused_proxies=<unused Proxy ID >
#values for ws token name and value secret key for swarm mode
  • ws_token_key=ws_token
  • ws_token_name_key=ws_token_name
#nginx configuration
  • nginx_required=true
  • external_interfacing_required=false
  • nginx_image_name=nginx:1.17.10
  • load_balancer_ip=<IP of LB VM >
  • load_balancer_port=2371
  • load_balancer_user=root
  • external_interfacing_ip=<IP of VM >
  • external_interfacing_port=5678
  • proxy_adapter_ip="Proxy Adapter VM IP"
  • proxy_adapter_user=root
#Advanced configuration, make sure to give proper version for image (e.g. release-2018.08.01) as per artifactory
  • vra_proxy_image_name=ibmcb-docker-local.artifactory.swg-devops.com/cb-vra-proxy-adapter-int:latest
  • vra_proxy_port="3333"
#Advanced configuration, make sure to give proper version for image (e.g. release-2018.08.01) as per artifactory
  • proxy_image_name=ibmcb-docker-local.artifactory.swg-devops.com/cb-vra-proxy-adapter-int:latest
  • proxy_port="3333"
# Consume Configuration
  • con_app_api_end_point=<Env Host-API URL >
#connection protocol configuraiton
  • connection_protocol=https
  • certificate_name=vramutualauth2
#externalvault enabled configuration, value can be true or false
  • externalvaultenabled=false
# set the name of external vault script here
  • vravaultcredscript="getCredentials.sh"
#swarm configuration
If set to true, update the 'image' field value in respective yml file in proxy-docker-compose folder
Use the same image value as configured in vra_proxy_image_name, make sure to give proper version for image (e.g. release-2018.08.01) as per artifactory
Example:
# vra_proxy_adapter_int:
#    image: ibmcb-docker-local.artifactory.swg-devops.com/cb-vra-proxy-adapter-int:latest
swarm_mode_enabled=false
#This is only required if mutual auth is true.
  • mutual_auth=false
  • endpoint_cer_name=vramutualclcrt2
  • endpoint_key_name=vramutualclkey2
# give the ip address or subnet in which the adapters are running. This will ensure that only adapters are able to access the forward proxy port.
# example1: 192.168.1.2  example2: 192.168.1.1/24   Example3: 2001:0db8::/32
# Ensure you provide the public ip of adapter vm, which usually starts with 169.x.x.x and not the private ip which usually starts with 10.x.x.x
  • allowedip=169.45.189.12
#This is only required if mutual auth is true. This has to match the CN of consume certificate.
  • conf_upstream_value=*.gravitant.net
#This is only required if mutual auth is true. Sets the verification depth in the client certificates chain.
  • ssl_verify_depth=2
#This is only required if mutual auth is true. This is nginx forward proxy port.
  • nginxforwardproxyport=12345
# This has to point to consume/api gateway host and port.
  • nginxupstreamserver=cb-qa-1-api.gravitant.net:8443
#This is only required if mutual auth is true. This is nginx host and nginx forward proxy port.
# adapter_con_app_api_end_point=http://169.45.189.14:12345
# This is the name of the file that contains consume ca certificate.
  • consume_ca_cert_filename=combinedca_intermediate.pem
  • cache_urls=test
# Set the valid value for provider code here
  • provider_code='vra'
#Feature flag to use credential api's.By default it will use old deprecated api's.To use the new credentials api, set to false
  • enable_secret_api=true
#Create a new provider of type vRA using the provider_code and provider_name mentioned
  • create_provider=false
#Use the below provider name to create a new provider
  • provider_name="VRA"
Do you have two minutes for a quick survey?
Take Survey