
Initial Configuration of vRealize Automation 7

vRealize Automation 7 (vRA 7) has a lot of enhancements and changes compared with vRA 6. There are plenty of introductions available on the internet. The initial configuration is different from vRA 6. I'm going to share my experience. You can easily build a lab or POC by following this post.




In the last step of the installation wizard, I don't select the option to create initial content. The pre-built initial content somehow confused me. Once the installation is completed, log in with the administrator account. It has the same function as the SSO administrator account in vRA 6.

Edit the default tenant after login.



Add a new account in the Local users tab.



Search for the account and add it to both the tenant administrators and IaaS administrators roles in the Administrators tab.



Log out and log in with the new account.

Go to Administration -> Directories Management -> Directories. Add a new directory.



The Active Directory (Integrated Windows Authentication) option does not work for me. It always gives me the error message below.

Connector communication failed because of invalid data: The specified Bind DN and password could not be used to successfully authenticate against the directory.




Go to the next page. Make sure you select the proper domain.



The next page shows the attribute mapping between VMware Identity Manager and Active Directory. You can keep the default settings unless you want to bring some special attribute from AD to VIM.



On the next page you can select the groups you want to sync from AD to VMware Identity Manager. Since vRealize Automation 7 retrieves credentials from VMware Identity Manager instead of from Active Directory directly, it's better to select all groups you may want to use in vRA in the future.

For example, my domain groups are located in contoso.com/Customized/Groups/, so the group DN is OU=Groups,OU=Customized,DC=CONTOSO,DC=COM.

Click the Find Groups button after that. vRA shows you the groups it finds. Then click the More than xxxx link below to find and select groups if you want to sync particular groups, or just check the Select All option to sync all groups under the DN.



The following screenshot shows how to select a particular group after clicking the More than xxx option in the screenshot above.



The next page asks you to input the DN that contains the domain accounts that you want to sync, similar to the group DN.
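
As an added example (not part of the original post and not VMware code), the Python below builds a base DN from an AD canonical path like the one used for the group DN above and checks which object DNs fall under it, so you can review the group DN and the user DN before syncing. The sample group DNs are constructed, and the helper assumes every container in the path is an OU; built-in containers such as Users are CN= and need manual adjustment.

```python
import re

_SPECIAL = re.compile(r'([,+"\\<>;=])')  # RFC 4514 characters needing a backslash

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas only."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep an escape pair such as \, together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(dn[i])
            i += 1
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def _norm(rdn):
    """(type, value) lowercased and unescaped; AD compares DNs case-insensitively."""
    attr, _, value = rdn.partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2}|.)",
                   lambda m: chr(int(m[1], 16)) if len(m[1]) == 2 else m[1],
                   value.strip())
    return attr.strip().lower(), value.lower()

def canonical_to_dn(path):
    """Assumption: every container in the path is an OU, as in the post's example."""
    domain, *containers = [p for p in path.split("/") if p]
    rdns = ["OU=" + _SPECIAL.sub(r"\\\1", c) for c in reversed(containers)]
    return ",".join(rdns + ["DC=" + label for label in domain.split(".")])

def in_scope(base_dn, object_dn):
    """True if object_dn is the base DN itself or sits anywhere beneath it."""
    base = [_norm(r) for r in split_dn(base_dn)]
    obj = [_norm(r) for r in split_dn(object_dn)]
    return bool(base) and obj[-len(base):] == base

PAGE_GROUP_DN = "OU=Groups,OU=Customized,DC=CONTOSO,DC=COM"  # from the post
SAMPLE_GROUPS = [  # constructed sample DNs, not from the post
    "CN=vRA-Admins,OU=Groups,OU=Customized,DC=contoso,DC=com",
    "CN=Ops\\, Cloud,OU=Groups, OU=Customized, DC=contoso, DC=com",
    "CN=Domain Admins,CN=Users,DC=contoso,DC=com",
    "CN=Groups,OU=Customized,DC=contoso,DC=com",
]
if __name__ == "__main__":
    print([dn for dn in SAMPLE_GROUPS if in_scope(PAGE_GROUP_DN, dn)])
```

Only the first two sample groups sit under the group DN; the last one shows why a plain string comparison on "Groups" is not enough.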



You may see the warning below if you are syncing a large Active Directory. Choose according to your environment.



Log out and log in again as Administrator@vsphere.local once the initial sync is completed.

Go to Tenants again to add domain groups or users to the Administrators group.

Now vRealize Automation 7 is ready to go, with full administrator permissions through a domain account.
