Once vRO and the Puppet plug-in are configured, you can use vRealize Automation (vRA) to request servers using blueprints.

Note: If you haven't yet installed vRA, refer to the vRA documentation.

Designing blueprints with Puppet features

In the previous version of the starter content we shipped Blueprints that you could install via CloudClient, but with vRA 7.3 Enterprise and the Puppet plug-in for vRA 3.0, it is simpler to create a new blueprint from scratch using the new Puppet component in the GUI. Follow these instructions to create your own blueprints.

Note: You can still access the previous version of these docs for consuming those prebuilt blueprints for vRA 7.x here and download them from this branch of the starter content.
Note: For detailed information about designing vRA blueprints, consult the vRA documentation.

vRO/vRA property reference

The Puppet plug-in uses the following properties for blueprint and workflow development.

They can be used when creating traditional IaaS blueprints without the Puppet GUI component in vRA 7.3 Enterprise. There is a hierarchy of assignment for these properties. Properties that are set in the GUI override VRA properties set at the VM or tenant level. For certain properties there is a second override version of the property that takes precedence over the non-override version.

vRO JavaScript variable name vRA property name Type Description
puppetRoleClass Puppet.RoleClass string The fully qualified Puppet class that implements the node's role.
puppetCodeEnvironment Puppet.CodeEnvironment string The environment on the Puppet master in which vRO should look for Puppet code.
puppetNodeCertname Puppet.Node.Certname string The Puppet agent sets this based on the node's certname, which is based on its fully qualified domain name.
puppetAutosignSharedSecret Puppet.Autosign.SharedSecret secureString The shared secret that nodes should provide to the Puppet master in order to autosign certificate requests.
sshUsername Puppet.SSH.Username string Username used to connect to a node via SSH.
sshPassword Puppet.SSH.Password secureString Password used to connect to a node via SSH.
winRMUsername Puppet.WinRM.Username string Username used to connect to a node via WinRM.
useSudoPuppet.SSH.UseSudoBooleanUse sudo commands run on a node via SSH. This requires NOPASSWD sudo for the user defined in sshUsername.
winRMPassword Puppet.WinRM.Password secureString Password used to connect to a node via WinRM.

vRO/vRA actions reference

The Puppet plug-in ships with several actions that can be used in workflows and integrations with vRA, for instance to populate the contents of input fields or dropdown menus.

For more information, see the vRA documentation for actions.

Action name Description
escapeShellArgument Used internally by the plugin to escape a string used in a shell command.
escapePowerShellValue Used internally by the plugin to escape a string used in a PowerShell command.
escapeJSON Used internally by the plugin to escape a JSON string for stuctured facts or other uses.
getSectionText Used internally by the plugin for parsing Error messages.
formatShellArguments Used internally by the plugin to format and escape a set of strings containing arguments to a shell command. Calls escapeShellArgument.
executeCommand Used internally by the plugin to execute a shell command on a Linux Puppet master.
getMasters Returns an array of strings containing the UUIDs of all of the Puppet:Master objects in the vRO inventory. Returns [""] if there are no Puppet:Master objects.
getMasterByUUID Returns a Puppet:Master object given a UUID string. Returns null if there is no object matching that UUID.
getEnvironments Returns an array of strings which are the environment names on the Puppet:Master specified by a UUID. Returns [""] if there are no environments.
getRoleClasses Returns an array of strings which are role class names on the Puppet:Master specified by a UUID and in a specified environment. Returns [""] if there are no role classes there.
getRoleClassesWithDescriptions Used internally, returns specially formated JSON string used by vRA 7.3 Enterprise with the role classes and their descriptions from a master's environment. Throws an error if no master UUID or environment name provided. Optionally accepts a filter regex string to limit results.

All actions are visible on the "Actions" tab of the Java vRO client when in "Design" view, where you can view the full source code of each action, including parameters and return types.

Encrypting content with eyaml

Securing passwords used in the manifest is beyond the scope of this reference implementation. As a starting point, many Puppet deployments use Hiera, a key/value lookup tool for configuration, with eyaml, or encrypted YAML, to solve this problem.

This solution not only provides secure storage for the password value, but also provides parameterization to support reuse, opening the door to easy password rotation policies across an entire network of nodes.

For information, see the Hiera documentation and the blog post Encrypt your data using Hiera-eyaml.

Back to top