Managing and provisioning infrastructure with vRA and Puppet
Once you have configured vRO and the Puppet vRO Plug-in, you can use vRealize Automation (vRA) to request servers using blueprints.
Designing blueprints with Puppet features
In the previous version of the starter content we shipped Blueprints that you could install via CloudClient, but with vRealize Automation 7.4 Enterprise and the Puppet plug-in for vRealize Automation 3.2, it is simpler to create a new blueprint from scratch using the new Puppet component in the GUI. Follow these instructions to create your own blueprints.
- Create a Puppet Enterprise primary server and follow the instructions at the bottom of the starter content README to install the starter content.
- Remove any previous Puppet plug-ins and install the Puppet plug-in for vRealize Automation 3.0 into vRO.
- Follow the vRA 7.4 docs to add a Puppet endpoint (points to your primary server), and create your Puppet Enterprise blueprints using code from this repo that is now on your primary server.
- Puppet endpoint - username: vro-plugin-user
- Puppet endpoint - password: puppetlabs
- Puppet endpoint - use sudo: true
- Puppet component on blueprints - shared secret (cert autosigning): S3cr3tP@ssw0rd!
vRO/vRA property reference
The plug-in uses the following properties for blueprint and workflow development.
They can be used when creating traditional IaaS blueprints without the GUI component in vRA 7.4 Enterprise. There is a hierarchy of assignment for these properties. Properties that are set in the GUI override vRA properties set at the VM or tenant level. For certain properties there is a second override version of the property that takes precedence over the non-override version.
Here is a list of vRO JavaScript variables with their corresponding vRA property names, types, and override values where applicable:
- puppetRoleClass
vRA property name: Puppet.RoleClass
- puppetCodeEnvironment
vRA property name: Puppet.CodeEnvironment
- puppetInstallMaster
vRA property name: Puppet.Master.InstallMaster
- puppetNodeCertname
vRA property name: Puppet.Node.Certname
- puppetNode
vRA property name: Puppet.Node.IPAddress
- ignoreChanges
vRA property name: Puppet.Node.IgnoreChanges
- puppetAutosignSharedSecret
vRA property name: Puppet.Autosign.SharedSecret
- sshUsername
vRA property name: Puppet.SSH.Username
- sshPassword
vRA property name: Puppet.SSH.Password
- winRMUsername
vRA property name: Puppet.WinRM.Username
- useSudo
vRA property name: Puppet.SSH.UseSudo
- winRMPassword
vRA property name: Puppet.WinRM.Password
- puppetAgentAccountUser
vRA property name: Puppet.Windows.AgentAccountUser
- puppetAgentAccountPassword
vRA property name: Puppet.Windows.AgentAccountPassword
- puppetAgentAccountDomain
vRA property name: Puppet.Windows.AgentAccountDomain
- UseHTTPS
vRA property name: Puppet.WinRM.UseHTTPS
- winRMAuthMethod
vRA property name: Puppet.WinRM.AuthMethod
- sshKeyPath
vRA property name: Puppet.SSH.KeyPath
- sshPassphrase
vRA property name: Puppet.SSH.Passphrase
- puppetApptier
vRA property name: Puppet.Extensions.Apptier
- puppetDepartment
vRA property name: Puppet.Extensions.Department
- puppetService
vRA property name: Puppet.Extensions.Service
- keepFailedVMs
vRA property name: Puppet.Debug.KeepFailedVMs
vRO/vRA actions reference
The Puppet plug-in ships with several actions that can be used in workflows and integrations with vRA, for instance to populate the contents of input fields or dropdown menus.
For more information, see the vRA documentation for actions.
Action name | Description |
---|---|
escapeShellArgument | Used internally by the plugin to escape a string used in a shell command. |
escapePowerShellValue | Used internally by the plugin to escape a string used in a PowerShell command. |
escapeJSON | Used internally by the plugin to escape a JSON string for structured facts or other uses. |
getSectionText | Used internally by the plugin for parsing error messages. |
formatShellArguments | Used internally by the plugin to format and escape a set of strings containing arguments to a shell command. Calls escapeShellArgument. |
executeCommand | Used internally by the plugin to execute a shell command on a Linux Puppet master. |
getMasters | Returns an array of strings containing the UUIDs of all of the Puppet:Master objects in the vRO inventory. Returns [""] if there are no Puppet:Master objects. |
getMasterByUUID | Returns a Puppet:Master object given a UUID string. Returns null if there is no object matching that UUID. |
getEnvironments | Returns an array of strings which are the environment names on the Puppet:Master specified by a UUID. Returns [""] if there are no environments. |
getRoleClasses | Returns an array of strings which are role class names on the Puppet:Master specified by a UUID and in a specified environment. Returns [""] if there are no role classes there. |
getRoleClassesWithDescriptions | Used internally. Returns a specially formatted JSON string, used by vRA 7.3 Enterprise, with the role classes and their descriptions from a master's environment. Throws an error if no master UUID or environment name is provided. Optionally accepts a filter regex string to limit results. |
All actions are visible on the "Actions" tab of the Java vRO client when in "Design" view, where you can view the full source code of each action, including parameters and return types.
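The escaping actions in the table sit between blueprint-supplied strings and the commands run on the primary server or a Windows node. The following is an added example of what such escaping has to do; it is not the plug-in's source code. The function names mirror the action names above, while the bodies assume POSIX sh single-quoting and PowerShell single-quoted literals, and the sample values are constructed.

```javascript
// Added example, not the plug-in's source. Function names mirror the action
// names in the table; the bodies are an assumed, conventional implementation.

// Quote one value as a single POSIX sh word. Inside single quotes the shell
// interprets nothing, so the only character needing care is ' itself:
// close the quote, emit an escaped quote, reopen the quote ('\'').
function escapeShellArgument(value) {
  if (typeof value !== "string") {
    throw new TypeError("shell argument must be a string");
  }
  if (value.indexOf("\u0000") !== -1) {
    throw new Error("NUL byte cannot be passed in a shell argument");
  }
  return "'" + value.replace(/'/g, "'\\''") + "'";
}

// Escape every argument and join with spaces. An empty string survives as ''
// instead of silently disappearing and shifting the later arguments.
function formatShellArguments(args) {
  return args.map(escapeShellArgument).join(" ");
}

// Quote one value as a PowerShell single-quoted string literal. PowerShell
// also accepts the curly quotes U+2018, U+2019, U+201A and U+201B as single
// quotes, so each of them is doubled as well as the ASCII apostrophe.
function escapePowerShellValue(value) {
  if (typeof value !== "string") {
    throw new TypeError("PowerShell value must be a string");
  }
  return "'" + value.replace(/['\u2018\u2019\u201A\u201B]/g, "$&$&") + "'";
}

// Constructed sample input: an ordinary role class, then values carrying
// shell metacharacters, then an empty string.
var sampleArgs = ["role::webserver", "prod'; echo x #", "$(hostname)", ""];

// Every value arrives at the command as one literal word:
// echo 'role::webserver' 'prod'\''; echo x #' '$(hostname)' ''
var sampleCommand = "echo " + formatShellArguments(sampleArgs);
```

Escaping keeps a value from being interpreted by the shell; it does not make the value a valid role class, environment or certname, so checking those against what getEnvironments and getRoleClasses return is still worthwhile.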
Encrypting content with eyaml
Securing passwords used in the manifest is beyond the scope of this reference implementation. As a starting point, many Puppet deployments use Hiera, a key/value lookup tool for configuration, with eyaml, or encrypted YAML, to solve this problem.
This solution not only provides secure storage for the password value, but also provides parameterization to support reuse, opening the door to easy password rotation policies across an entire network of nodes.
For more information, see the Hiera documentation and the blog post Encrypt your data using Hiera-eyaml.