To maximize the efficiency and to simplify the management of heterogeneous clouds, requires a consumable solution that aids optimized service delivery. ¬†IBM¬ģ Power¬ģ Virtualization Center (IBM PowerVC) and VMware vRealize Automation (vRA) work in concert providing complete automation platform for heterogenous cloud environments reducing the complexity of managing heterogenous resources from a common portal.
IBM PowerVC provides simplified virtualization management and cloud deployments for IBM AIX¬ģ, IBM i and Linux virtual machines (VMs) running on IBM Power Systems. While, VMWare vRA supports a wide range of on-premises virtualization technologies, such as VMWare, Kernel-based Virtual Machine (KVM), Microsoft HyperV, including IBM PowerVC and IBM zVM in addition to public cloud infrastructures, such as IBM Softlayer, Amazon EC2, and Microsoft Azure.
Enabling VMware‚Äôs vRealize Automation Platform for IBM Power Systems allows administrators to provision virtualized workloads for AIX and Linux on PowerVM, along with Linux on z/VM and KVM on z Systems through OpenStack enabled APIs. This helps quick deploy of images using standardized blueprints combined with policy-based governance, assuring automated delivery of infrastructure services that meet the changing business opportunities.
Here‚Äôs a step-by-step guide to provision AIX LPAR on IBM Power System from VMware vRealize Automation tool
Create IBM PowerVC Endpoint
Creating IBM PowerVC Endpoint, enables vRealize Automation to communicate with infrastructure source (IBM PowerVC).
– Configure the endpoint url in the format: https://FQDN/powervc/openstack/service or https://<FQDN> or <IP_Address>:5000
Note: Do not include the /v2.0 suffix in the endpoint address)
– Add credentials and project information. The credentials should be for a user with the administrator role in the specified project (opt/ibm/powervc/powervcrc). PowerVC’s default project is ibm-default, but creating additional projects is supported and encouraged. Each vRA endpoint is specific to an individual PowerVC project, i.e. you may create multiple endpoints pointing to different projects on the same PowerVC host.
– Custom properties: The version property must always be set and it must always have the value “3”. The domain name property must be set if you have vRA 7.3 or later, and it must always have the value “Default”.
VMware.Endpoint.Openstack.IdentityProvider.Version – specifies the version of Openstack Identity provider (Keystone) to use when authenticating an Openstack endpoint.
vRealize Automation collects data from IBM PowerVC endpoints and updates information about virtualization hosts, templates, and images for virtualization environments.
– Data Collection can be initiated manually or can be scheduled to trigger at regular intervals.
– Data Collection can be initiated either from infrastructure source endpoint or compute resources with appropriate credentials.
Create Fabric Group, Prefix, Reservation and its Policy, Business and Custom Groups.
a. Fabric Groups are a way of segmenting our endpoints into different types of resources or to separate them by intent.
b. Create Prefix: When defining a machine component in the blueprint design canvas, Prefixes (names for machines) is required.
c. Create Business & Custom Group: The job of a business group is to associate a set of resources with a set of users while Custom Group enables you to have permissions besides just requesting a blueprint.
d. Creating Reservations and Policies: Allows you to allocate provisioning resources to a business group in a tenant.
Note: You can also create multiple endpoints with different OpenStack tenants, segregated by reservation policies for each tenant to ensure that machines are provisioned to the appropriate tenant resources.
Designing blueprints, allows the admin to create virtual machines blueprints that includes complete specifications of a machine such as build information, networking, security and other software components. This can be employed as a building block to create customized provisioned machines for consumers.
Provisioning workflow: This feature allows blueprint to specify the workflow to be used to provision a machine including specifications such as CPU, memory, and storage. Here‚Äôs a brief note on types of workflows that a admin can choose from
¬∑ CloudLinuxKickstartworkflow: Provision a machine by booting from an ISO image, using a kickstart or autoYaSt configuration file and a Linux distribution image to install the operating system on the machine.
¬∑ CloudWIMImageworkflow: Provision a machine by booting into a WinPE environment and installing an operating system using a Windows Imaging File Format (WIM) image of an existing Windows.
¬∑ CloudProvisioning workflow: Launch an instance from a virtual machine instance or cloud-based image
– For IBM PowerVC the workflow selected is ‚ÄúCloudProvisioning‚ÄĚ.
– Multiple flavors can be selected. Note that the flavors listed here, are created in PowerVC UI.
– “All blueprints are initially created in draft mode. When you’re ready to start using it, publish the blueprint. This will create a catalog item.”
Note: If the ‚ÄúOpenStack image‚ÄĚ template does not list the Operating Systems or images from infrastructure source (PowerVC), then add reservation to the associated endpoint and run data collection again.¬†
Create Service Catalog, Add Entitlements and Create Catalog Items
5.1 Service Catalog : Services are used to organize catalog items into related offerings to make it easier for service catalog users to browse for the catalog items they need and it is designed to list provisioned resources.
– Adding Entitlement to the services determines which users and groups can perform specific actions as shown in below figure.
– Entitlements can also be prioritized and they are specific to business group.
¬†5.2 Create catalog item: Users can browse the service catalog for catalog items that they are entitled to request. ¬†
Deploy VM from Catalog
Access the catalog on vRA and deploy the VMs using blueprints displayed as catalog items.
Select the Catalog Item and make a request for the deployment. You can mention the number of instances, choose pre-defined flavor of deployment.
The status of the Request can be viewed from ‚ÄúRequest‚ÄĚTab.
View Details of the deployed VM from the ‚ÄúItems‚ÄĚ tab. ¬†– Users can manage their provisioned items on the Items tab.
While the VM gets deployed through vRA, the same can be verified from the PowerVC. The state and health of the VM deployed should show as Active and OK.
From the Actions menu, click on ‚ÄúConnect using Console‚ÄĚ and then Click open the Address link and provide credentials to Connect to VM console.
Troubleshooting: Possible error messages that you may encounter while integrating IBM PowerVC with VMware vRealize Automation (vRA).
1.¬†¬†¬†¬†¬† When the Data Collection for PowerVC endpoint fails, few possible errors that you may encounter are as shown below. Ensure that DEM Worker node is properly configured to meet the PowerVC and OpenStack requirements and PowerVC self-signed or untrusted certificate, is added to the Trusted Root of DEM Node. You can the check considerations mentioned above in this document.
¬†Error Message 1:
Endpoint Data Collection failed for endpoint PowerVC-TEST [Workflow Instance Id=261881]
Unable to connect to the remote server.
Inner Exception: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host failed to respond.
¬†Error Message 2:
Endpoint Data Collection failed for endpoint PowerVC-HCST [Workflow Instance Id=269843]
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Inner Exception: The remote certificate is invalid according to the validation procedure.
2. Another possible error message when Data Collection of PowerVC fails.
Error Message :
Inventory Data Collection failed for HostID f5299ef7-xx..xx..xxx…- [Workflow Instance Id=11521]net.openstack.Core.Exceptions.Response.UserNotAuthorizedException: Policy doesn’t allow os_compute_api:os-security-groups to be performed.
at net.openstack.Providers.Openstack.Validators.HttpResponseCodeValidator.Validate(Response response)
at net.openstack.Providers.Openstack.ProviderBase`1.ExecuteRESTRequest[T](CloudIdentity identity, Uri absoluteUri, HttpMethod method, Object body, Dictionary`2
Workaround: Edit the /opt/ibm/powervc/policy/nova/policy.json file to to replace “!” with “role:admin”
for the “os_compute_api:os-security-group” policy rule;
Note: PowerVC does not officially support editing policy.json files
3.¬†¬†¬†¬†¬† Accessing the Infrastructure tabs fails in VMware vRealize Automation (vRA) tool. This issue could be due to limited privileges. Check the credentials and privileges.
4. ¬† The ‚ÄúSuspend‚ÄĚ action is not supported on PowerVC, so suspend will fail with an error: ‚ÄúNotImplentedError‚ÄĚ.
Lifecycle Management of Virtual Machines on vRA and PowerVC
The below tables lists the operations that can be triggered on VMs when managed from PowerVC and vRA.
Using endpoint framework and openstack APIs, VMware vRealize Automation(vRA) can now provision virtualized workloads on IBM Power systems, providing more options and improved user experience for its clients by interacting with IBM PowerVC. This capability in VMware vRA management tool gives flexibility to manage a wide range of on-premises virtualization platforms and public cloud infrastructure from a single console.
IBM PowerVC coupled with vRA allows administrators to provision and configure cloud workloads to automate IT service delivery and simplify hybrid cloud infrastructure management, thereby reducing maintenance and operations costs.
Co-Authors: Manjunatha Hr, Leena Kushwaha
Setareh Mehrabanzad ,Marty Fullam and Alise Spence.