Connecting the blueprint design server to VMware vCenter

To connect to VMware vCenter, map the VMware vCenter account information to a functional ID. Then, assign that functional ID to a team.

Before you begin

Obtain an OpenStack Keystone server. The blueprint design server requires a Keystone server to connect to any cloud. You can reuse a Keystone server that is connected to a different cloud, or you can install a Keystone server for use with vCenter. See the OpenStack documentation
Obtain an engine. The engine version must match the version of the OpenStack Keystone server. You can use any of the following options for the engine:
- Install an engine. See Installing engines in silent mode or Installing engines in interactive mode.
- If you already have an engine, connect it to the Keystone server as described in Connecting engines to Keystone servers.
- Extend an existing Heat orchestration engine and connect it to the Keystone server. See Extending Heat orchestration engines.
Create a functional user account on the Keystone server. This user account must be a member of the administrative tenant on the Keystone server. Later, you associate the vCenter account information with this functional ID. With this account, users can authenticate to vCenter.
The vCenter account must have the following permissions:
- System.View permission for the root folder
- Datastore.Browse and Datastore.FileManagement permissions for the datacenter
- Datastore.Browse and Datastore.FileManagement permissions for the datastore
By default, images are provisioned to a cluster. The target cluster must have enabled support for DRS (Distributed Resource Scheduler). Provisioning to a non-DRS cluster causes an error at provisioning time. As an alternative, you can provision images to a resource pool, as described in Modeling environments for VMware vCenter.
Install the blueprint design server. See Installing the blueprint design server.
Connect the blueprint design server to the server. See Connecting the blueprint design server to the server.
Ensure that the blueprint design server can connect to the cloud. You can verify the connection path with the curl or telnet commands. For example, make sure that no firewall, proxy, or security settings prevent communication between the blueprint design server and the cloud.

About this task

The following diagram shows a typical topology for this scenario. The blueprint design server and engine connect to vCenter. For authentication information, the blueprint design server connects to the Keystone identity service and optionally to an LDAP server.

A topology that includes the blueprint designer, an engine, vCenter, a Keystone server, and an optional LDAP server

Procedure

Log in to the blueprint designer as a user with the following permissions:
- Configure Security
- Manage Users & Groups
Create a connection to the cloud:
1. Click Settings > Clouds.
2. Click Add New Cloud.
3. Specify a name for the cloud connection.
4. In the Type list, select VMware.
5. In the Endpoint Type list, select the type of URL that you use to connect to this cloud.
  - If you connect through a private URL, select Internal.
  - If you connect through a public URL, select Public.
6. In the Identity URL field, specify the location of the identity service, such as https://example.com:5000/v2.0 or https://example.com:5000/v3. Do not include a trailing slash. If you installed a Keystone server along with your engine, you can use that server. If you installed version 6.2.1.1 and later, specify the value https://engineHostname:5000/v3. If you installed a version before 6.2.1.1, specify the value https://engineHostname:5000/v2.0. In both examples, the value for engineHostname is the host name or IP address of the engine.
7. In the Timeout in Mins field, specify the amount of time in minutes to wait for a provision request to be completed. If you deploy IBM® UrbanCode™ Deploy components, allow sufficient time for the cloud to provision your instance, the agent to come online, and all processes to run. See Creating a IBM UrbanCode Deploy timeout configuration file. If you apply Chef roles to environments, allow sufficient time for the Chef roles to complete.
8. Specify the Heat orchestration engine to use:
  - To use the default Heat engine for the Keystone server, select the Use default orchestration engine check box.
    Note: This engine must have the custom types for the blueprint design server as described in Extending Heat orchestration engines.
  - To use a different Heat engine, such as an engine that you installed through Installing engines, clear the Use default orchestration engine check box and specify the location of your engine, such as http://engine.example.com:8004.
    Note: Do not use the localhost variable in this field, even if the engine is on the same system as the blueprint design server.
9. Clear the Use default orchestration engine check box and then in the Orchestration Engine URL field, specify the Heat engine to use. In most cases, specify the location of the engine that you installed in Installing engines or Extending Heat orchestration engines, such as http://engine.example.com:8004.
  Note: Do not use the localhost variable in this field, even if the engine is on the same system as the blueprint design server.
10. Optional: Select the cost center to use to estimate the cost of environments on this cloud.
11. Click Save.
Create one or more cloud projects that tie the functional ID on the Keystone server to the VMware account information. See Creating cloud projects for the blueprint designer.
Add the cloud project to a team.
Add users to the team and to one or more roles on the team. These users can come from any authentication realm, including LDAP servers, Keystone identity services, or from the internal authentication realm.
Make sure that the team roles include the appropriate permissions for those users, such as creating and editing blueprints.

Results

You can log in to the blueprint designer as a user from that team. At the top of the page, you can select the vCenter cloud connection and cloud project to use. When you edit blueprints, the palette shows resources that are available to your vCenter account, and you can provision blueprints to vCenter.

Feedback