Category Archives: SMA
Create a VM Network When Subscription is created in Windows Azure Pack with SMA part2
and finally i succeed the create a VM Network, activate NVGRE GW with NAT and set some settings how i want
in part one i explained almost everything to create a runbook, now i completed the code in part2
you can find out some stupid variables like $a , $z and also some different ideas to generate some needs which are very clear to understand but all are my own if you have better way or more short way use it pls 🙂
Important parameters are “-ForOnBehalfOf” , “-OnBehalfOfUser” , “-OnBehalfOfUserRole”
For such parameters and value what you will set please fallow your SCVMM -> Job section . You will find the owner informations there
Pls command me something wrong or need to explain more
workflow VahoTest2
{
param
(
[object]$resourceObject,
[object]$params
)
#Get some values to use it inside InlineScript
#We will generate User and UserRole to use it create a VM Network
#We have to generate first 27 character of AdminId underscore whole SubscipritonId
$WAPSubscriptionId=$resourceObject.SubscriptionId
$WAPAdminId=$resourceObject.AdminId
InlineScript
{
# I dont know why but maybe because of design Owner of the VM, Network and other objects are
# generated via first 27 character of AdminId underscore subscriptionId
$SubscriptionID = $USING:WAPSubscriptionId
$UserRole = $USING:WAPAdminId
$UserRoleCut = $UserRole.Substring(0,27)
$Under = "_"
$Dot = "."
$NameForSearch = $UserRoleCut + $Under + $SubscriptionID
# Try to generate random name for VMNetwork we will create
$NetworkName = "VirtualNetwork"
$NetworkNameSuffix = Get-Random -Maximum 9999999
$NetworkNameTemplate = $NetworkName + $Under + $NetworkNameSuffix
# Connect to SCVMM Server
# Important thing is -ForOnBehalfOf because for WAP SPF need to connect SCVMM
Get-SCVMMServer -ComputerName your.scvmm.fqdn -ForOnBehalfOf | Out-Null
#To get a SCVMM user role for only related SubscriptionId and User
$z = Get-SCUserRole | where {$_.Name -match $NameForSearch}
$a = $UserRoleCut
# Create a Virtual Network For Customer
# Actually i set static LogicalNetwork in this runbook becauase Provider Address Spaces is my NVGRE enables one
# After such command executed empty VM Network object will be appear in SCVMM
$NewVMNetwork = New-SCVMNetwork -Name $NetworkNameTemplate -LogicalNetwork "Provider Address Spaces” -OnBehalfOfUser $a -OnBehalfOfUserRole $z
# To assign ip block to customer need to randomize the octests
# Actually we are using network Virtualisation and can overlap it but treditional logic, sorry 😦
[string]$octet1 = 10
[string]$octet2 = Get-Random -Maximum 254
[string]$octet3 = Get-Random -Maximum 254
[string]$octet4 = 0
$subnetmask = "/24"
$GenerateVMNetworkSubnetID = $octet1 + $Dot + $octet2 + $Dot + $octet3 + $Dot + $octet4 + $subnetmask
# Because of we are dealing with NVGRE,Network Virtualisation we do not have to set some VLAN ID
# Just create a subnet object, thats it
$CreateVMNetworkSubnet = New-SCSubnetVLan -Subnet $GenerateVMNetworkSubnetID
# Right now in SCVMM VM Subnets tab is empty for create VM Network above
# We need to add VM Subnet
[string]$RSID = Get-Random -Maximum 254
$NameVMSubnetUnderVMNetworkTemplate = $NetworkNameTemplate + "_Subnet" + "_" + $RSID
$CreateVMSubnetUnderVMNetwork = New-SCVMSubnet -Name $NameVMSubnetUnderVMNetworkTemplate -VMNetwork $NewVMNetwork -SubnetVLan $CreateVMNetworkSubnet -OnBehalfOfUser $a -OnBehalfOfUserRole $z
# SCVMM can do the IP Address Management, now we will define our ip range , dns
# No need to deal with GW it will be auto created
# First need to create some veriables
#$GenerateVMNetworkSubnetWithoutMask = $octet1 + $Dot + $octet2 + $Dot + $octet3 + $Dot + $octet4
$RangeStart = $octet1 + $Dot + $octet2 + $Dot + $octet3 + $Dot + "50"
$RangeEnd = $octet1 + $Dot + $octet2 + $Dot + $octet3 + $Dot + "254"
# Create the IP Pool
$ipAdressPoolName = $NetworkNameTemplate+"_Pool"
$dnsIP = "8.8.8.8"
# After this command executed you have to see an IP Pool under VM Network
$staticIPAddressPool = New-SCStaticIPAddressPool -Name $ipAdressPoolName -VMSubnet $CreateVMSubnetUnderVMNetwork -Subnet $GenerateVMNetworkSubnetID -IPAddressRangeStart $RangeStart -IPAddressRangeEnd $RangeEnd -DNSServer $dnsIP -OnBehalfOfUser $a -OnBehalfOfUserRole $z
# Now time to deal with NVGRE GW Service
# This will be little static, maybe next time i will update it more dynamic and possible to load balance the service
# Lets set static veriables
$NVGREGWName = "internetgwservice2"
# A statement below basicly put the NVGREGWName in front of the _Gateway string, we will use it next
$NVGREGWNameTemplate = "{0}_Gateway" -f $NVGREGWName
# NVGRE GW have an editional interface for internet access and distribute pulic ip address to Tenant Networks
# Set you static IP Pool Name below
$NVGREGWStaticIPPoolForIntenet = "Internet01"
# A statement below basicly put the already created VM Network Name in front of the _Gateway string, we will use it next
$VMNetworkNATConnName = "{0}_NatConnection" -f $NetworkNameTemplate
# Now we are getting whole information about NVGREGW
$NVGREGWOwn = Get-SCNetworkGateway -Name $NVGREGWName
# After execute command below in SCVMM you can check the VM Network properties Connectivity Tab
# Default Connect directly to an additional logical network & Direct Routing should be choosed
#I command out first ActivateNVGREGWForVMNetwork because i got Error (11418) You do not have permission to access one or more of the objects required by this operation.
#$ActivateNVGREGWForVMNetwork = Add-SCVMNetworkGateway -Name $NVGREGWNameTemplate -EnableBGP $false -NetworkGateway $NVGREGWOwn -VMNetwork $NewVMNetwork -OnBehalfOfUser $a -OnBehalfOfUserRole $z
$ActivateNVGREGWForVMNetwork = Add-SCVMNetworkGateway -Name $NVGREGWNameTemplate -EnableBGP $false -NetworkGateway $NVGREGWOwn -VMNetwork $NewVMNetwork
# To get public ip address and activate NAT to get ip pool
$NVGREExternalIPPOOL = Get-SCStaticIPAddressPool -Name $NVGREGWStaticIPPoolForIntenet
# Check the Connectivity Tab again, NAT should be choosed and you have an IP Address Now
#$ActivateNAT = Add-SCNATConnection -Name $VMNetworkNATConnName -VMNetworkGateway $ActivateNVGREGWForVMNetwork -ExternalIPPool $NVGREExternalIPPOOL -OnBehalfOfUser $a -OnBehalfOfUserRole $z
$ActivateNAT = Add-SCNATConnection -Name $VMNetworkNATConnName -VMNetworkGateway $ActivateNVGREGWForVMNetwork -ExternalIPPool $NVGREExternalIPPOOL
}
}
Create a VM Network When Subscription is created in Windows Azure Pack with SMA part1
In this article i would like to describe how to create a VM Network under subscription of WAP (Windows Azure Pack) with using SMA when subscription is created but looks like its better to divide it two parts. Actually i m not very good about PS (powershell) and this is the first time use PS Workflow if you are like me, its better to start to read Microsoft Scripting Guy article first.
Shortly Azure Pack SMA is one of the good think i have ever seen after PowerShell for Microsoft. Shortly its a automation or orchestration tool . To install it please read this article from Romain Serre.
Actually you can find out a lot of article about SMA but i believe that this article different is explain something more clear for newbies like me.
First login WAP Service Management Portal, “AUTOMATION” section you will find out all things about create runbooks.
To create a runbook , press to New-> RUNBOOK -> QUICK CREATE
Set any name how you want, description but most important part is TAGS section , it should be “SPF” always , i will explain it a bit latter, but first important thing is never forget to tag your runbook.
Second important thing when you start to develop your workflow code pls do not change the workflow name latter, because for make a test you will run you runbook and an error will be appear that workflow name is different then what you run . If you would like to change the workflow name pls create a new workflow how you want and copy/past your code there.
After you create your first runbook pls filter it and be ready to edit for example , you can see that i clicked RUNBOOKS from top of the page and filter my runbook. I have some old runbooks and one of them is suspended other completed and newly created runbook is appeared never run, zero job and not published.
its very clear that to use runbook you need to publish, without publish your runbook it will never appear.
3rd important thing is when you develop your runbook it should never expect something from you when its run (means interaction like answer something yes or no , wait some input from console), if its then you should see such exception and runbook status will be suspended, i will show you from where you can see the such exception and script out
Click on your create runbook and wait for new screen appear
Very easy you can fallow your runbook how many times its run , status and some other informations. Click “AUTHOR” and wait a new screen appear and then click “DRAFT” because we have not published something yet, need to write some code.
WAP have an editor, for example you can see that it can automatically manage () and {} also after you start to set variables it will auto complete it when you need it next time.
Now start to talk about example code below;
We know that we created a VahoTest runbook (or your one) and next we will care about param section.
Param section manage parameters but i really confused and couldn’t understand well i saw some parameters like $resourceObject and params, because they are different then what you set a parameter. For example you can set a parameter like Name, like “param ([string]$name)” and you can request parameter “VahoTest -name something” but $resourceObject and params are little different. Actually i write down such script to understand whats inside and after all i saw that they carry many key and value for different events.
I have to explain that SMA provide event base runbook execution, we will see it shortly and configure do something when VM is created or do something when subscription create or do another thing when something deleted.
VMNetwork creation event happened and $resourceObject and params are carry something. You will see the full things when execute the script on your side.
InlineScript, workflows do not support all powershell cmdlets because of that InlineScript section comes to rescue, you can use it for commands which are not supported by workflow.
To access variables out of InlineScript section you need to use $USING:
Here maybe its good time to read something about workflow limitations.
Last lines are about testing and troubleshooting , for more please read this article.
After copy/past the code below, save it then click “PUBLISH” button. You will see that now nothing under “DRAFT” and its moved to “PUBLISHED” . When you want to edit again, come to “DRAFT” and click “EDIT RUNBOOK”
workflow VahoTest
{
param
(
[object]$resourceObject,
[object]$params
)
InlineScript
{
$params=$USING:params
$resourceObject=$USING:resourceObject
Foreach ($param in $params)
{
$param
}
Foreach ($resources in $resourceObject)
{
$resources
}
}
write-output (Get-Date)
write-warning "Warning Message"
write-error "Error Message"
write-verbose "Verbose Message"
}
Now time to assign runbook for any type of event we need, In my example above playing with “VM CLOUDs” . Click “AUTOMATION” link, you can see already created things.
In my example i want to execute runbook when VMM start to create VM Network (its easy then create a subscription or VM 🙂 ). You can imagine anything you want, for example its a good exercise to see what key/values are passed to $resourceObject and params for different kind of events
Please go to WAP from tenant portal try to create a VM Network manually, you will see that SMA will trigger the runbook , back to the admin portal find runbook , click on it and then click “JOBS” , check the job output. Thats it !
Now we are ready to switch part 2
VM
vmknowledge 