Once vRO and the Puppet plug-in are configured, you can use vRealize Automation (vRA) to request servers using blueprints.
Designing blueprints with Puppet features
In the previous version of the starter content we shipped Blueprints that you could install via CloudClient, but with vRA 7.3 Enterprise and the Puppet plug-in for vRA 3.0, it is simpler to create a new blueprint from scratch using the new Puppet component in the GUI. Follow these instructions to create your own blueprints.
- Create a Puppet Enterprise master and follow the instructions at the bottom of the starter content README to install the starter content.
- Remove any previous Puppet plug-ins and install the Puppet plug-in for vRealize Automation 3.0 into vRO.
- Follow the vRA 7.3 docs to add a Puppet endpoint (points to your master), and create your Puppet Enterprise blueprints using code from this repo that is now on your PE master.
vRO/vRA property reference
The Puppet plug-in uses the following properties for blueprint and workflow development.
They can be used when creating traditional IaaS blueprints without the Puppet GUI component in vRA 7.3 Enterprise. There is a hierarchy of assignment for these properties. Properties that are set in the GUI override VRA properties set at the VM or tenant level. For certain properties there is a second override version of the property that takes precedence over the non-override version.
|puppetRoleClass||Puppet.RoleClass||string||The fully qualified Puppet class that implements the node's role.|
|puppetCodeEnvironment||Puppet.CodeEnvironment||string||The environment on the Puppet master in which vRO should look for Puppet code.|
Puppet agent sets this based on the node's |
|puppetAutosignSharedSecret||Puppet.Autosign.SharedSecret||secureString||The shared secret that nodes should provide to the Puppet master in order to autosign certificate requests.|
|sshUsername||Puppet.SSH.Username||string||Username used to connect to a node via SSH.|
|sshPassword||Puppet.SSH.Password||secureString||Password used to connect to a node via SSH.|
|winRMUsername||Puppet.WinRM.Username||string||Username used to connect to a node via WinRM.|
|useSudo||Puppet.SSH.UseSudo||Boolean||Use sudo commands run on a node via SSH. This requires |
|winRMPassword||Puppet.WinRM.Password||secureString||Password used to connect to a node via WinRM.|
vRO/vRA actions reference
The Puppet plug-in ships with several actions that can be used in workflows and integrations with vRA, for instance to populate the contents of input fields or dropdown menus.
For more information, see the vRA documentation for actions.
|escapeShellArgument||Used internally by the plugin to escape a string used in a shell command.|
|escapePowerShellValue||Used internally by the plugin to escape a string used in a PowerShell command.|
|escapeJSON||Used internally by the plugin to escape a JSON string for stuctured facts or other uses.|
|getSectionText||Used internally by the plugin for parsing Error messages.|
|formatShellArguments||Used internally by the plugin to format and escape a set of strings containing arguments to a shell command. Calls |
|executeCommand||Used internally by the plugin to execute a shell command on a Linux Puppet master.|
|getMasters||Returns an array of strings containing the UUIDs of all of the Puppet:Master objects in the vRO inventory. Returns |
|getMasterByUUID||Returns a Puppet:Master object given a UUID string. Returns null if there is no object matching that UUID.|
|getEnvironments||Returns an array of strings which are the environment names on the Puppet:Master specified by a UUID. Returns |
|getRoleClasses||Returns an array of strings which are role class names on the Puppet:Master specified by a UUID and in a specified environment. Returns |
|getRoleClassesWithDescriptions||Used internally, returns specially formated JSON string used by vRA 7.3 Enterprise with the role classes and their descriptions from a master's environment. Throws an error if no master UUID or environment name provided. Optionally accepts a filter regex string to limit results.|
All actions are visible on the "Actions" tab of the Java vRO client when in "Design" view, where you can view the full source code of each action, including parameters and return types.
Encrypting content with eyaml
Securing passwords used in the manifest is beyond the scope of this reference implementation. As a starting point, many Puppet deployments use Hiera, a key/value lookup tool for configuration, with eyaml, or encrypted YAML, to solve this problem.
This solution not only provides secure storage for the password value, but also provides parameterization to support reuse, opening the door to easy password rotation policies across an entire network of nodes.
For information, see the Hiera documentation and the blog post Encrypt your data using Hiera-eyaml.