Run scripts in guest OS with vRA ABX Actions - Virtually Potato

[utterances-bot]

Run scripts in guest OS with vRA ABX Actions - Virtually Potato

Thus far in my vRealize Automation project, I’ve primarily been handing the payload over to vRealize Orchestrator to do the heavy lifting on the back end. This approach works really well for complex multi-part workflows (like when generating unique hostnames), but it may be overkill for more linear tasks (such as just running some simple commands inside of a deployed guest OS). In this post, I’ll explore how I use vRA Action Based eXtensibility (ABX) to do just that.

https://virtuallypotato.com/run-scripts-in-guest-os-with-vra-abx-actions

[kuklis]

Secrets are project-specific, so you need to re-create them for each project, if I'm not mistaken.

[jbowdre]

@kuklis You're correct that vRA Secrets are scoped to the Project, but the Action Constants I'm using here aren't bound to a Project and are available for use by any actions within the organization.

[lallydm]

When you are using the powershell function in abx, is there a powershell host involved? Or is it just native to vRA now? Are there any gotchas to be able to run these powershell commands aginst a VM? I've been testing and getting SSL connection errors.

[jbowdre]

Hi @lallydm,

You don't need a separate PowerShell host, the scripts run in a PowerShell container spawned on the vRA instance. There are plenty of gotchas though, like how the environment runs the cross-platform PowerShell Core and thus may not have access to some of the modules available to traditional PowerShell running on Windows. It can also be a bit of a chore to import and use external modules.

Further reading: https://blogs.vmware.com/management/2020/03/vra-abx-powershell.html https://blogs.vmware.com/management/2020/07/how-to-abx-vro-powershell-additional-modules.html

Are you getting the SSL connection errors when trying to Connect-ViServer or something else?

[lallydm]

I'm getting the SSL error when running my powershell script on a windows server being built, running an invoke-webrequest command.

One thing I'm trying to understand coming from vRA 7.6, what event topic would be like a machine provisioned. I need to wait for sysprep to complete to start my script.

[jbowdre]

@lallydm the Compute Post Provision topic that I'm using will probably be the best one for calling an action after the provisioning is completed. This VMware doc has a little bit of information about when each topic gets fired.

I'm not sure if I can help with the Invoke-WebRequest SSL issue though. You might try troubleshooting by running the same commands directly in the guest after the vRA deployment is completed to see if you get different results.

[jedisamui]

Curious. Did you run into any issues with the customizationspec and 'compute post provision'? I'm seeing issues where the compute post provision action attempts to run between the first and 2nd reboot of the customizationspec before the vm has a chance to complete "joining the domain" and ready for the next task.

[jbowdre]

@jedisamui Hmm, no, I've not encountered that at all. I believe the Compute Post Provision event should fire after the VM customization is completed on the vSphere side - or at least that's how it's always worked for me since ABX is able to use domain accounts to log into the newly-provisioned guest.

[Ectoplasm88]

I'm curious if there is an easy way to set the vCenter variable based derived from the machine resource instead of a custom property set in the template? I'm brand new to ABX actions and vRA 8 so I have a bit of a learning curve. I'm much more fluent in vRO and to make this work right now I can only think of having another extensibility task that kicks off and runs a vRO workflow that adds a custom property for the vCenter that runs before this ABX action does. Is there another better way of doing this all in ABX/Powershell.

[jbowdre]

@Ectoplasm88 I'm sure there is a better way to do that.

I'm actually working through a near-complete rebuild of my vRA setup using things I've learned in the past year or two with the goal of making it more flexible/dynamic and getting away from as many hard-coded values as I can. Addressing the vCenter variable in particular is near the top of my list. My initial thought is to do almost exactly what you describe: have vRO append a custom property identifying the owning vCenter to the VM resource during the provisioning stage so that the ABX script can just read it directly.

I'll have another series of posts covering that (and other) changes once I get everything working again. In the meantime, please do let me know if you come up with a better solution!

[Ectoplasm88]

Thanks for getting back to me so quickly John! This was a great post that helped me out a ton. Today I put together a vRO action with all of the powershell I needed. I then created a workflow and subscription where I just gather everything I need, including the vCenter, and pass all of the values into the action as a step in the workflow. Works like a charm so far in my limited testing! Looking forward to your updated posts!

[bcarnegie]

Is it possible to modify the script/blueprint to allow the modifications of multiple drives? C, D, E ?

[jbowdre]

@bcarnegie,

I'm sure it would be possible... I just haven't had any time to dig into it yet. Were you thinking about deploying off a template with multiple drives or adding those on the fly at the time of deployment?

[souzader]

Hi John , Did you had any chance to run abx on linux VMs? I'm asking because I'm not able to run an abx in powershell just to after provision the vm, run a script that is inside the vm.

something like this, but fails.
Get-VM -Name $vmName | Invoke-VMScript -ScriptText "/tmp/join.sh -U $user -D domain.int -P $passvra -T test -y" -GuestUser root -GuestPassword $winPwd

vm rhel 9.1 vmtools 12.1.5

[jbowdre]

Hi @souzader,

No, I'm afraid I haven't had a chance to test this with Linux VMs. I've also shifted roles a bit and am no longer doing as much work with vRA so I don't expect to revisit this in the future.

Best of luck on figuring this out though! I'm sure there's a way to do it.

[bcarnegie]

Hi John

I know you aren't doing much vRA work anymore (or any) but I was hoping you might be able to answer a quick question. I am attempting to use a modified version of your script from above to run a command on a newly provisioned VM. This script runs a powershell script on the VM itself to install an application. No matter what I do, it doesn't appear to want to run the command. Any thoughts?

[jbowdre]

Hi @bcarnegie,

Hmm, debugging this can be a little tricky since you've got so many abstraction layers going on. If there's not anything useful in the ABX logs, I'd take a look at the VM logs on the datastore to see if there are any clues. You can then look at the VMware Tools logs inside the guest as well. Checking those logs should at least help to identify where things are failing.

Good luck!