Automating Virtual Infrastructure with vRealize Orchestrator
I was recently convinced by Hersey to present at our Hampton Roads VMUG on automation and orchestration. As this is still a relatively misinterpreted topic, I took the opportunity to differentiate between automating tasks, and combining those tasks to orchestrate complex workflows, along with some examples. What I gathered from the session is that there is a general lack of experience with today’s automation and orchestration platforms, but tons of genuine interest. I’ve felt late to the game the more I learn, but perhaps I’m right on time. Not enough people are headed down this path yet, so if I can help someone get started, that’s fantastic.
Automation and orchestration are not new, but if it’s new to you, rest assured there will never be a bad time to dive in. The toolsets for datacenter and cloud continue to grow in popularity and maturity, bringing features that make the process easier than ever before. These advancements are heavily driven by the software-defined era, where server/storage/network/security solutions are as much software now as the applications running on them. Include the fact that IT shops are having to ultra-standardize in order to survive, and you get vendors that buy in and start developing on these toolsets to ease management and enable automation of their products.
This has opened the door for admins and engineers to begin ‘programming’ their work to increase the speed of deployments. Speed up infrastructure deployments, speed up application releases, everybody’s happy on the path to devops. I realized this through the monotonous yet complex work of building/retiring servers and storage. I wanted to eventually make this process self-service for IT. Our environment was primed and the tools were already owned, just needed to begin building the automation. I went for the workflow platform native to our virtualized infrastructure, and extensible enough to the rest, vRealize Orchestrator (formerly vCenter Orchestrator).
Enough with theory though, let’s move on to a brief overview of Orchestrator, along with some examples of how my developer-in-crime and I have put it to work for us. Hopefully this will spark some ideas out there.
The Orchestrator server can currently be deployed on Windows, as a virtual appliance, or enabled on VMware’s Automation Center virtual appliance. The admin interface is accessed as a Java app and presents a work space to configure your environment, and design/run workflows. It was a bit complicated at first, but once I simplified the general layout in my head, it was easier to understand:
Inventory – Here you’ll find plugins used to automate different endpoints via their native APIs. This is where you configure a control arm to vCenter, Active Directory, SQL etc. and bring those inventories into your kitchen. For example, registering a vCenter server into Orchestrator provides the vCenter inventory as objects to conduct automation against. These typically come with canned workflows too that you can immediately use, or incorporate into your larger workflows, instead of learning the API and coding their most common tasks. We’ve registered our vCenter, Active Directory, Cisco UCS, and Horizon View servers, and that’s just the start. Vendors such as F5, EMC, Infoblox, HP, Hitachi… continue to release plugins for their systems. You don’t have to wait on a vendor though if you have automation needs now. Orchestrator includes SSH, SOAP, and REST plugins to control any system with those hooks (think issuing commands to a switch in an SSH session).
Workflows – Here you’ll find the canned workflows, and a canvas for your own orchestrations. These are the executable objects that conduct whatever magic you design via API calls, PowerShell scripts, you name it. This is where we build reusable automation building blocks, and can combine them into larger orchestrations. They can be kicked off from here, or published to different front ends, most commonly the vSphere Web Client. From there you have the nifty option to associate certain workflows with objects in vCenter (think of right-clicking a VM for an add-disk/format/update-CMDB workflow). Our goal is to eventually hook these into a real self-service portal, and start getting all private-cloudy.
The other areas include boilerplate type work objects called Actions, configuration values called… Configurations, and a place to store graphics/files/documents called Resources. I’m not here to describe every component or feature though, because it’s loaded, but these are the main tools in the bag. I’ll jump straight to two examples of workflows we’re developing.
1. Deploy Virtual Server – and related Ops stuff.
We mapped out the operational tasks involved with deploying a new virtual server, and began addressing each one. Some tasks were native vCenter work, and thus we found pre-built workflows that were ready to drop into ours with a little tuning:
- Deploy VM from Template
- Change vCPU
- Change vRAM
- Add vDisks
Our other non-vCenter tasks required leveraging either configuration management systems, or PowerShell scripting. Due to the lack of a mature config system in our environment, we rolled with PowerShell to conduct:
- Format Disks
- Antivirus Install
- Add to Patch Mgmt
- Reserve DHCP/Add DNS
- Add Local Admin
We wrote minor JavaScript to uppercase server names, but otherwise were able to conduct everything via PowerShell scripts or canned vCenter workflows. Once we designed the options to present when starting the workflow, and mapped those to the appropriate sub-workflows from above, we were set. We could now complete the end-to-end processes for basic servers by kicking off a 15 minute workflow, versus passing it back and forth between departments over the course of a week. We look to include installing SQL, configuring backups, enabling monitoring, and making fresh coffee, but this is a great foundation for future self-service.
2. Create Departmental Shares
Another candidate for orchestration was the setup of departmental shares on our Isilon NAS systems. This is a great example of leveraging Orchestrator for processes outside the realm of virtualization. This time, there were no pre-built workflows for any of the tasks. I realized our NAS had SSH enabled though, and through that connection the necessary CLI commands could be issued. So I broke open the Isilon CLI admin guide, found the appropriate commands, and built workflows to connect to the NAS systems and conduct:
- Create Directory
- Start Replication
- Set Quota on Source
- Set Quota on Target
The remaining tasks were related to securing permissions, easily tackled by PowerShell:
- Create Dept Share Groups in AD
- Find Dept Users in AD and Place in Groups
- Apply Permissions on Directory for Groups
This workflow simply asks for the department code and its quota size, and then will complete in about 1 minute. PowerShell does the dirty work of validating that department code in Active Directory, creating groups, and placing the correct users in them. From there, the share is created on the NAS with appropriate permissions, quota, and replication.
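Because the department code and quota size entered at workflow start end up inside CLI commands sent over SSH, they should be allow-listed before any command string is built. The sketch below is an added example, not code from the original workflows, written in JavaScript since the post already uses it inside its workflows. The function names, the `/ifs/dept` base path, the quota ceiling and the `<...-command>` placeholders are assumptions standing in for the real NAS CLI syntax.

```javascript
// Added example: validate workflow inputs before they reach an SSH command.
// SHARE_ROOT, MAX_QUOTA_GB and the <...-command> verbs are placeholders.
var SHARE_ROOT = "/ifs/dept";   // assumed base directory for department shares
var MAX_QUOTA_GB = 2048;        // assumed policy ceiling

function normalizeDeptCode(raw) {
  if (typeof raw !== "string") throw new Error("department code must be a string");
  var code = raw.trim().toUpperCase();
  // Allow-list: 2-8 letters or digits. This rejects spaces, quotes, ';', '|',
  // '$', '/' and '..', so the value cannot alter the command or the path.
  if (!/^[A-Z0-9]{2,8}$/.test(code)) throw new Error("invalid department code");
  return code;
}

function parseQuotaGb(raw) {
  var text = String(raw).trim();
  // Digits only: no signs, exponents, units or trailing shell syntax.
  if (!/^[0-9]{1,5}$/.test(text)) throw new Error("quota must be a whole number of GB");
  var gb = parseInt(text, 10);
  if (gb < 1 || gb > MAX_QUOTA_GB) throw new Error("quota out of range");
  return gb;
}

// Returns the command strings only after both inputs pass validation.
function buildShareCommands(rawCode, rawQuota) {
  var code = normalizeDeptCode(rawCode);
  var gb = parseQuotaGb(rawQuota);
  var path = SHARE_ROOT + "/" + code;
  return [
    "<create-directory-command> " + path,
    "<set-quota-command> " + path + " " + gb + "G"
  ];
}

// Wrapper that reports failure instead of throwing, so a workflow can
// branch to an error path without sending anything to the NAS.
function tryBuild(rawCode, rawQuota) {
  try {
    return { ok: true, commands: buildShareCommands(rawCode, rawQuota) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}
```

The Active Directory lookup described above still decides whether the department exists; this check only guarantees that whatever reaches the SSH session is a plain code and a bounded number.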
These are our first two completed orchestrations, but they have opened our minds to realize plenty of other awesome opportunities. It’s so much more than just completing tasks automatically. It’s about creating repeatable standards to simplify a service catalog, and eliminating the hard and soft costs of configuration drift. We should all be striving for a standardized and automated datacenter or cloud, so come join the fun! Your own ITaaS isn’t that far away.