Configure vRealize Build Tools for vRealize vRA/vRO 8.x

Operating System for Developer Host/Workstation

  • I used Windows 11 64-bit (I created a new Windows VM to have a clean environment and to make use of snapshots if needed)
  • I created a local Windows user named User1, if you have a different user name then be aware you will need to change the local home directory paths in the following steps to reflect your username. Ex: C:\Users\{username}

Java

setx JAVA_HOME "C:\Program Files\Java\jdk-17.0.5"
setx PATH "%PATH%;%JAVA_HOME%\bin"

Maven

setx PATH "%PATH%;C:\Users\User1\Documents\Dev\apache-maven-3.8.6\bin"
  • Close the existing Command Prompt and open a new Command Prompt (for the new Path to take effect)
  • Run mvn at the Command Prompt, this will test the path is working
mvn -v

vRBT Repository

NodeJS

Create Keystore for vRO package signing

  • Open a Command Prompt and run the following commands
keytool -keystore archetype.keystore -genkey -alias dunesrsa_alias -storepass 'VMware1!' -keyalg RSA 
keytool -delete -alias dunesrsa_alias -storepass 'VMware1!' -keystore archetype.keystore
keytool -genkey -keyalg RSA -keysize 2048 -alias dunesrsa_alias -keystore archetype.keystore -storepass 'VMware1!' -validity 3650 -dname "CN=Project,OU=Department,O=Company,L=City,ST=State,C=XX,emailAddress=administrator@vsphere.local"
  • In Windows Explorer, right click the newly created archetype.keystore and choose Compress to ZIP file. Name the new zip file archetype.keystore-2.0.0.zip

Configure Artifactory

Generate the Private Key and Certificate for vRO Package Signing

openssl genpkey -out private_key.pem -algorithm RSA
openssl req -new -key private_key.pem -out csr.csr
openssl req -x509 -days 999 -key private_key.pem -in csr.csr -out cert.pem
  • In File Explorer, copy the new private_key.pem and cert.pem from the Home Folder (C:\Users\User1) to desired location (I used C:\Users\User1\Documents\Dev\certs\)

Create Maven Settings.xml

  • Create the Settings.xml in the C:\Users\User1\.m2 folder
  • Replace the file paths with the ones that match your environment
  • Replace the Artifactory and vRA/vRO host names
  • Replace credentials as needed
  • You can use this file as an example (for insecure lab use only):
<?xml version="1.0" encoding="UTF-8"?>
<settings xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd"
    xmlns="http://maven.apache.org/SETTINGS/1.1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <profiles>
        <profile>
            <id>packaging</id>
            <properties>
				<keystoreGroupId>com.vmware.pscoe.build</keystoreGroupId>
				<keystoreArtifactId>archetype.keystore</keystoreArtifactId>
				<keystoreVersion>2.0.0</keystoreVersion>
				<vroPrivateKeyPem>C:/Users/User1/Documents/Dev/certs/private_key.pem</vroPrivateKeyPem>
				<vroCertificatePem>C:/Users/User1/Documents/Dev/certs/cert.pem</vroCertificatePem>
				<vroKeyPass>VMware1!</vroKeyPass>
            </properties>
        </profile>
        <profile>
            <id>bundle</id>
            <properties>
                <assembly.skipAssembly>false</assembly.skipAssembly>
            </properties>
        </profile>
        <profile>
            <id>artifactory</id>
            <repositories>
                <repository>
                    <snapshots><enabled>false</enabled></snapshots>
                    <id>central</id>
                    <name>central</name>
                    <url>https://artifactory.nslab1.com/artifactory/libs-release</url>
                </repository>
                <repository>
                    <snapshots><enabled>true</enabled></snapshots>
                    <id>central-snapshots</id>
                    <name>central-snapshots</name>
                    <url>https://artifactory.nslab1.com/artifactory/libs-snapshot</url>
                </repository>
            </repositories>
            <pluginRepositories>
                <pluginRepository>
                    <snapshots><enabled>false</enabled></snapshots>
                    <id>central</id>
                    <name>central</name>
                    <url>https://artifactory.nslab1.com/artifactory/libs-snapshot</url>
                </pluginRepository>
                <pluginRepository>
                    <snapshots><enabled>true</enabled></snapshots>
                    <id>central-snapshots</id>
                    <name>central-snapshots</name>
                    <url>https://artifactory.nslab1.com/artifactory/libs-snapshot</url>
                </pluginRepository>
            </pluginRepositories>
            <properties>
                <releaseRepositoryUrl>https://artifactory.nslab1.com/artifactory/libs-release</releaseRepositoryUrl>
                <snapshotRepositoryUrl>https://artifactory.nslab1.com/artifactory/libs-snapshot</snapshotRepositoryUrl>
            </properties>
        </profile>
        <profile>
            <!--Environment identifier. Multiple environments are allowed by configuring multiple profiles -->
            <id>corp-dev</id>
            <properties>
				<vrealize.ssl.ignore.hostname>true</vrealize.ssl.ignore.hostname>
                <vrealize.ssl.ignore.certificate>true</vrealize.ssl.ignore.certificate>
                <!--vRO Connection-->
                <vro.host>vra8-uat.nslab1.com</vro.host>
                <vro.port>443</vro.port>
				<vro.username>vmware@System Domain</vro.username> <!--NOT RECOMMENDED USE vro.serverId and encrypted credentials-->
                <vro.password>VMware1!</vro.password> <!--NOT RECOMMENDED USE vro.serverId and encrypted credentials-->
                <vro.auth>vra</vro.auth> <!-- {basic|vra} If "basic" is selected here, ensure com.vmware.o11n.sso.basic-authentication.enabled=true System Property is set in vRO -->
                <vro.authHost>vra8-uat.nslab1.com</vro.authHost> <!-- Required for external vRO instances when vra auth is used -->
                <vro.authPort>443</vro.authPort> <!-- Required for external vRO instances when vra auth is used -->
                <vro.tenant>vsphere.local</vro.tenant>
                <!--vRA Connection-->
                <vra.host>vra8-uat.nslab1.com</vra.host>
                <vra.port>443</vra.port>
                <vra.tenant>vsphere.local</vra.tenant>
                <vra.serverId>corp-dev-vra</vra.serverId>
                <vra.username>vmware</vra.username> <!--NOT RECOMMENDED USE vra.serverId and encrypted credentials-->
                <vra.password>VMware1!</vra.password> <!--NOT RECOMMENDED USE vra.serverId and encrypted credentials-->
            </properties>
        </profile>
    </profiles>
    <activeProfiles>
        <activeProfile>artifactory</activeProfile>
        <activeProfile>packaging</activeProfile>
    </activeProfiles>
</settings>

Trust Artifactory Certificate (Optional, for self-signed Artifactory certificate only)

Method 1: Use Git Bash to download the self-signed certificate

  • Open the Git Bash Terminal
  • Execute the following (change the artifactory FQDN to match your server):
echo quit | openssl s_client -showcerts -servername server -connect artifactory.nslab1.com:443 > artifactory-cert.pem
  • Copy the certificate from the Home folder C:\Users\User1 to C:\Users\User1\Documents\Dev\certs\

Method 2: Use Edge to download the self-signed certificate

  • Launch your Artifactory URL in the Edge Browser
  • To the left of the FQDN, click Not secure
  • Click Your connection to this site isn't secure, then click the certificate icon (looks like a diploma)
  • Select the Details tab, then the Export button. Save the certificate as Base64-encoded PEM type named artifactory-cert.pem to C:\Users\User1\Documents\Dev\certs\

Install the certificate into your workstations local keystore

  • Open a Command Prompt as Administrator
  • Navigate to the folder where you saved the Artifactory certificate
  • Run the following command:
setx /M JAVA_HOME "C:\Program Files\Java\jdk-17.0.5"
keytool -trustcacerts -keystore "%JAVA_HOME%\lib\security\cacerts" -storepass changeit -importcert -alias artifactory -file artifactory-cert.pem

Generate an Archetype (Project Template)

  • Open a Command Prompt or Powershell Terminal
  • Create a projects folder (I used C:\Users\User1\Documents\Dev\projects)
  • Navigate to the projects folder
  • Run the following command:
mvn archetype:generate
  • You will be presented with a list of available Archetypes
  • choose “com.vmware.pscoe.o11n.archetypes:package-actions-archetype (package-actions-archetype)”
  • Enter groupId. Ex: com.mycompany.test
  • Enter artifactId. Ex: myTestAction
  • Hit Enter to accept default value for package
  • Review settings and press Y if correct
  • A project template has now been created with some sample values

Test the new Project

  • Change directory to the newly created project folder (In my case: C:\Users\User1\Documents\Dev\projects\myTestAction)
  • Run a Maven command to test your environment

Deploy Package to vRO

mvn clean package vrealize:push -P corp-dev

Conclusion

This is just the basics to get a functional vRBT workstation configured. There is a lot more functionality in vRBT than just deploying a vRO package as demonstrated. Of course, for a production environment you would not want to use self-signed certs, clear text passwords, or disabled certification checking. Again, this is just the bare minimum needed to start learning and using vRBT in a home/lab environment.

Useful Links


Posted

in

, , , , ,

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *