CI/CD with vRealize Automation Cloud

After having covered the latest updates in vRealize Automation Cloud (on-prem FaaS Provider, Custom Forms with vRO actions), I will now come to one of the strengths of VMware’s service offerings: Code Stream. This blog explains what Swisscom wants to achieve regarding infrastructure as code, automated testing and continuous integration and delivery.

Swisscom’s Requirements

Swisscom provides virtual private clouds (VPCs) to its customers. We enforce a strong logical isolation of shared compute, network and storage. Within these VPCs we provide different service levels, from basic IaaS offerings up to fully managed tenants, according to the needs of our customers. Some of them are themselves service providers within their enterprise and want to build their own standardized services on a Swiss-hosted platform; others prefer to outsource at least parts of their IT landscape completely to our operations teams.
We have built a service-provider-level framework based on vRealize Automation Suite (7.x) by extending its functionality with vRO workflows and plugins and vRA’s extensibility framework.

We want to allow our customers to customize further to meet their specific requirements, for example by bringing their own identity providers, private vCenter templates, self-service NSX-V micro-segmentation, migration of VMs and much more.

As a service provider we take care to enforce some basic policies to maintain the strict isolation between tenants and to enable additional cross-cutting services like billing and monitoring. On top of this operational runway we build customized configurations for our clients. These tasks are executed very reliably, with the highest possible automation and the least possible manpower. Currently we have biweekly deployments, and the complexity of the configuration does not allow us to test the changes manually. We rely heavily on complex configuration management, automated builds, testing and deployments as well as monitoring, reporting and support processes.

CICD@Swisscom

Automated testing requires a clearly defined baseline. We must ensure that all prerequisites for testing are met and that no leftovers of previous tests interfere with our tests. This involves a quite sophisticated inconsistency search and remediation process on the infrastructure (vCenter, IPAM, storage) for integration tests, and multiple dedicated testing environments:

 

Our CICD Build Pipelines

CICD concept tested with vRAC

 

 

Target CICD Process

Multi-tenancy is provided in vRAC through multiple organizations. Swisscom uses one organization for developing and testing new features. Our developers want to use their favorite IDEs and text editors on their laptops. They check the scripts (yaml, json, js, python, …) and other assets (icons, docs, …) into a Git repository using branches.

vRAC allows infrastructure to be configured at project level (vRA 7.x: Business Group), particularly cloud accounts (vCenter connections), blueprints and integrations with other systems. According to our first evaluation, it would be possible to have the build pipeline stages as projects within the same organization. This would be an improvement over our vRA 7.x setup, where we have dedicated vRA installations per stage.

For our evaluation test I created the following functions:

  • Create projects on demand, sync blueprints and actions from Git
  • Create Subscriptions
  • Delete Project

Not yet implemented:

  • Create Organizations on demand
  • Create Cloud Accounts
  • Create Cloud Zones
  • Tagging
  • Multi-Cloud Business Models (billing)

AWS has a similar concept for setting up VPCs via CloudFormation templates.

Our first bit (project.yaml) looks like this:


projectName: FAAS
description: FAAS Integration Stage
administrators:
- email: user@someserver.com
  type: user
members:
- email: user@someserver.com
  type: user
cloudZones:
- name: AWS Swisscom / eu-west-1
  priority: 100
  maxNumberInstances: 0
- name: AWS Swisscom / us-east-1
  priority: 100
  maxNumberInstances: 0
- name: DanielesGCP / europe-north1
  priority: 100
  maxNumberInstances: 0
- name: DanielesGCP / europe-west1
  priority: 100
  maxNumberInstances: 0
- name: DanielesGCP / us-west1
  priority: 100
  maxNumberInstances: 0
- name: Swisscom Azure / North Europe
  priority: 100
  maxNumberInstances: 0
- name: Swisscom Azure / West Europe
  priority: 100
  maxNumberInstances: 0
- name: VMC on AWS-vsphere / SDDC-Datacenter
  priority: 100
  maxNumberInstances: 0
pksEndpoints: []
sources:
- integrationName: Danieles Github
  path: blueprints
  branch: vmworld2019
  repository: bluebossa63/scscopcas
  contentType: BLUEPRINT
- integrationName: Danieles Github
  path: actions
  branch: vmworld2019
  repository: bluebossa63/scscopcas
  contentType: ABX_SCRIPTS

With our first services we are able to define the setup of a project, with all needed infrastructure dependencies, declaratively via a simple YAML file. Think of having a whole organization described like a blueprint: that’s what we call “infrastructure as code”. It allows us to create projects only for a test cycle and tear them down once the tests have been performed.
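Because such a file decides who administers a project, which cloud zones it may use and which repository its blueprints and actions are synced from, a pipeline can lint it before the project is created. The following is an added example, not code from the original post or from Swisscom: `lint_project`, `POLICY` and the allowed values are hypothetical, and the input is assumed to be the dictionary that `yaml.safe_load()` returns for a `project.yaml`.

```python
# Added example: lint a parsed project.yaml before the pipeline creates the project.
# POLICY is hypothetical; the allowed values are assumptions for this illustration.
POLICY = {
    "email_domains": {"someserver.com"},
    "cloud_zones": {"AWS Swisscom / eu-west-1", "Swisscom Azure / West Europe"},
    "repositories": {"bluebossa63/scscopcas"},
    "content_types": {"BLUEPRINT", "ABX_SCRIPTS"},
}

def lint_project(doc, policy=POLICY):
    """Return a list of findings; an empty list means the definition passes."""
    findings = []
    if not doc.get("administrators"):
        findings.append("administrators: at least one entry is required")
    for role in ("administrators", "members"):
        for i, person in enumerate(doc.get(role) or []):
            domain = str(person.get("email", "")).rpartition("@")[2].lower()
            if domain not in policy["email_domains"]:
                findings.append(f"{role}[{i}]: e-mail domain '{domain}' is not allowed")
    for i, zone in enumerate(doc.get("cloudZones") or []):
        if zone.get("name") not in policy["cloud_zones"]:
            findings.append(f"cloudZones[{i}]: '{zone.get('name')}' is not allowed for this stage")
    for i, src in enumerate(doc.get("sources") or []):
        if src.get("repository") not in policy["repositories"]:
            findings.append(f"sources[{i}]: repository '{src.get('repository')}' is not allowed")
        if src.get("contentType") not in policy["content_types"]:
            findings.append(f"sources[{i}]: unknown contentType '{src.get('contentType')}'")
        path = str(src.get("path", ""))
        if path.startswith("/") or ".." in path.split("/"):
            findings.append(f"sources[{i}]: path '{path}' leaves the repository root")
    return findings

# Constructed sample in the shape of the file above, with deliberate violations added.
SAMPLE = {
    "projectName": "FAAS",
    "administrators": [{"email": "user@someserver.com", "type": "user"}],
    "members": [{"email": "guest@example.org", "type": "user"}],
    "cloudZones": [{"name": "AWS Swisscom / eu-west-1", "priority": 100},
                   {"name": "DanielesGCP / us-west1", "priority": 100}],
    "sources": [{"path": "blueprints", "branch": "vmworld2019",
                 "repository": "bluebossa63/scscopcas", "contentType": "BLUEPRINT"},
                {"path": "../actions", "branch": "vmworld2019",
                 "repository": "someone/fork", "contentType": "ABX_SCRIPTS"}],
}

if __name__ == "__main__":
    print("\n".join(lint_project(SAMPLE)) or "project definition passes")
```

Run as a pipeline stage, a non-empty result would fail the build before any project or subscription is created.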

VMworld Barcelona

If you’re attending, please join us for the Breakout Session HBO3559BE. We will demo this functionality live on stage. And stay tuned: I will explain in detail how we have configured Code Stream for our evaluation test.