Wow.. time flies. I’m sorry I’ve neglected you my poor blag. I’m taking a break from pentesting and figured I would update everyone on my vRA progress.
I’ve been working hard to get vRealize Automation configured so it can be implemented for us. I was hung up on issue after issue after the Infoblox integration was properly setup and tested.
After upgrade after upgrade fixing issues with this product I finally landed on a version that seemed stable. We are currently running vRA 7.5 HotFix 2.
I was trying to deploy machines and then use the built-in vRealize Automation subscriptions to trigger multiple workflows in vRO during the PRE – MACHINE ACTIVATED phase. The issue I was running into was with the built-in workflow of “Run program in Guest”. This workflow would always run and always say that everything completed but about 30% of the time it would not actually run the script in the guest. (Even though it was reporting back a green check-mark in vRO saying all is good).
For the life of me I could not figure out why sometimes these scripts would execute and sometimes they wouldn’t. I have no control to change anything using the built in mechanism of having vRA trigger them but I was trying to start easy.
Through our VMware channels I was finally put in touch with an engineer who told me not to run multiple subscriptions in the same machine phase using the priority value to trigger them in order. (Which I would argue to the engineers why was it set up this way if you don’t want people to use it that way).
His recommendations for me was to move the trigger logic of which workflows I want to run (and in what order) all into vRO and setup one subscription for the phase PRE MACHINE ACTIVATED. In essence linking all of the other workflows I had into one master workflow and trigger that master workflow in PRE MACHINE ACTIVATED.
This was a little bit of work but in a day or two I had everything setup and working with the new mechanism…. and guess what? This intermittent problem I had with “Run Program in Guest” cropped up in the new way of doing things… so I think this is a vRO issue. (I haven’t looked to see if was fixed in a later version and have not yet opened a case with VMware).
Still 30% of the time I was receiving an all green in vRO but the script was not executing (which in this particular case was resetting the password on the box). I put forth a temporary work-around that seems to be working.
Temporary Work Around:
In order to properly set this up I was running a workflow to copy a file down to the box and then executing another workflow (“Run program in guest”) to actually execute it. (My PowerShell scripts are configured to delete themselves after they run).
With the power of vRO, I basically put some error checking in place after the script supposedly ran, to login in to the VM and run another built-in workflow to check and see a file exists. If the file exists, I send it back to re-run the script again. Also, if the check of the file existing fails because the credentials were never set properly because the script didn’t run… I send it back to run the password reset script again. This basically becomes an endless loop until the script executes properly. (see below).
Still a work in progress but this has allowed me to start working on scripting our VM imports so vRA can start to get used by internal groups!