Aria Automation/vRealize Automation : integrate pipelines in a Cloud Template, Ansible example.

Aria Automation allows to integrate Ansible (Ansible Automation Platform – new name of Ansible Tower - and also AWX) and thus create Cloud Templates that have not only the part provided as standard by Aria Automation for the creation of VMs but also their content via Ansible.

But what happens when it comes to performing operations that do not have the provisioned machine as the execution location? By that I mean the classic examples like the integration of the VM with the DNS, supervision, CMDB, backup and a whole lot of peripheral tools that must take note of this new VM. The execution of these scripts is done from a centralized machine (most of the time the Ansible machine itself) and not the provisioned VM.

Let’s take the example of DNS in an infrastructure with AWX: it is the Ansible machine that will discuss with the DNS centrally to add this new VM. However, in the Cloud Template, I cannot add the Ansible node (because otherwise Aria Automation will consider that it must be provisioned and therefore make a rip and replace… oops). Similarly in Aria Automation, when I select an Ansible object I have to assign it to a machine that will therefore run the Ansible Template, which I do not want since it must be run from the Ansible machine. How do we do that?

The answer is simple: it cannot be done OOTB in the Cloud Template Canvas (except very complicated development in Aria Automation Orchestrator, unsupported and unreadable).  There is a very simple way that I will explain.

To do this, we will first use the Aria Automation Pipelines component that we will integrate into the Cloud Template afterwards.

For a more detailed overview of Aria Automation Pipelines, I encourage you to visit : https://docs.vmware.com/en/VMware-Aria-Automation/8.16/Using-Automation-Pipelines/GUID-3625AE99-C60C-4517-803B-18C526ADCFF1.html

Initial assumptions:

We have an AWX configured properly and a «HelloWorld» template that points to a simple helloworld2.yml that just displays a variable to also explain how to pass the variables (to answer all the problems that will arise).

Important note: in order for Aria Automation Pipelines to be able to modify extra_vars, you must enable the "prompt on launch" option on these parameters, otherwise it will not be able to replace them (because it is an external call/API).

Ansible is reachable and integrated into Aria Automation as needed.

Phase 1, secrets in Aria Automation Pipelines :

We will already store our credentials separately in Aria Automation Pipelines to make it cleaner by using the "secrets" part, for this, go to "Configure -> Variables" and create a secret variable with the AWX token.

Note:  think about being on the same project in all the objects that will be created: the secrets, the pipeline and the cloud template, otherwise there will be an error when running the cloud template that will not find the resource pipeline (even if the id of the latter is the right one, thank you our good old RBAC).

Phase 2, the pipeline :

All steps are REST steps, I don’t describe how to create a pipeline, add a step and gateways, there are plenty of sites for it (for example : https://docs.vmware.com/en/VMware-Aria-Automation/8.16/Using-Automation-Pipelines/GUID-CA20A21C-DE2A-4D3E-B80E-C1961C0D81BC.html  ).

The first thing we will do is create a variable of type input (to be able to pass the name of our machine as parameter (extra_vars) to the Ansible job.

Then we’ll create the steps.

Step 1 : we will start by triggering an inventory

The most important here is the REST call that must include the Bearer token to connect to Ansible (token that is stored in the secrets of Aria Automation Pipelines).

URL : https://awx.domain.local/api/v2/inventories?search=Demo+Inventory

Step 2 : we look for the Ansible Job's id

URL : https://awx.domain.local/api/v2/job_templates?name=helloworld

We retrieved the output id of the previous step (Get Job Id By Name) to put it in the POST command to launch the template.

URL : https://awx.domain.local/api/v2/job_templates/${Stage0.Get Job Id by Name.output.responseJson.results[0].id}/launch/

Note the payload details :

{

  "inventory": 1,

  "limit":"localhost",

  "extra_vars": {

    "machine_name": “${input.machine_name}”

  }

}

this is where we add the extra_vars to be passed to the Ansible job (in particular to give the name of the machine to be passed to the AD or DNS), I retrieve my input variable from the Pipeline in passing.

Step 3 : you have to make sure that the work is well done, so we will wait for the job's return status

URL : https://awx.domain.local/api/v2/jobs/${Stage0.Launch Template.output.responseJson.id}

The most important are the exit criteria

Phase 3 : local testing & validation

After validating the pipeline (and tested since it can be launched directly from Aria Automation Pipeline or Aria Automation Service Broker), we get its id (we can do it through the API, but it is easier to look in the url😊) 

Note: We could also stop there and put the pipeline in the catalogue to use directly. The goal here is to go further to take advantage of the advanced features of the Cloud Template.

Phase 4 : Cloud Template creation in Aria Automation Assembler

Here, no object to move in the canvas because it does not exist, we will use the Infrastructure as Code directly: 

formatVersion: 1

inputs:
  Name:
    type: string
    title: Nom de la machine
resources:
  pipeline.test:
    type: codestream.execution
    properties:
      pipelineId: e1e42015-bc6d-4f99-b5e2-73d1f0b9f4f4
      inputs:
        machine_name: ${input.Name}
      outputs:
        computed: true

I voluntarily left an input part to show that we will be able to pass parameters to the pipeline entries (and therefore the Ansible template) if needed, such as the name of the machine.

In a more elaborate Cloud Template, we will put one or more machines in the Canvas and pass the names or IP deployed to the pipeline.

We can now launch the deployment.

Outcome :

I have a pipeline resource created in my deployment with all the information (input, output).

In Aria Automation Pipelines, I notice the execution of my pipeline (similarly, a tag was automatically added to specify that it was launched using the "catalog").

And in AWX, I see the execution of my job:

Conclusion :

You can now integrate any type of Pipelines from Aria Automation Pipelines (not just Ansible in fact) into a Cloud Template by taking advantage of the inputs and other notions available to call them and make a Cloud Template that is complete.

Now it’s your turn.

Refs and inspirations :

Using vRealize Automation Cloud Template to execute a pipeline (veducate.co.uk)