Triggering vRO Workflow with SRM Recovery Plan

Introduction

VMware Site Recovery Manager (SRM) provides you with the ability to create Custom Recovery Steps as part of a Recovery Plan.

There are two types of Custom Recovery Step, Command and Message Prompt. Each of these can be run as “top-level” steps in the recovery plan or on a “per-vm” basis during pre- and post- power on phases.

This post will explore triggering a vRO Workflow as a “top-level” step in a Recovery Plan, to summarise the steps we will go through:

  • Create vRO workflow.
  • Create shell script on SRM Appliance.
  • Create Recovery Plan with Custom Step.
  • Run a Recovery test.

If you are following this step for step, you will need:

  • Working deployment of SRM and the ability to create Recovery Plans.
  • Access to the SRM appliances to create local scripts.
  • Working deployment of vRO and access to create workflows.
  • An account with permissions to execute workflows.

Create vRO Workflow

Create a new workflow with 3 inputs, all of type string:

  • recoveryPlanName
  • recoveryPlanMode
  • recoveryVmwareVcHost

Map these inputs to a Scripting object that has the following contents.

System.debug("Recovery Plan Name: " + recoveryPlanName);
System.debug("Recovery Plan Mode: " + recoveryPlanMode);
System.debug("Recovery Plan VC: " + recoveryVmwareVcHost);

Once the workflow has been created, take note of the workflow ID. If you are using the Java Client you will find this in the ID field on the “General” tab of the workflow. If you are using the HTML5 client you will find it in the URL bar when in edit mode.

You can also download the Workflow and import it: SRM Recovery Plan Details.zip

Environment Variables

Site Recovery Manager sets the following environment variables for the duration of the command step. Тhe environment variables do not exist in Site Recovery Manager Server or the guest OS of the recovered VM when the command is completed. We will utilise these environment variables within our shell script, and you might have noticed they provide the values that our workflow is looking for as inputs.

  • VMware_RecoveryName: Name of the recovery plan that is running.
  • VMware_RecoveryMode Recovery mode.
  • VMware_VC_Host Host name of the vCenter Server at the recovery site.
  • VMware_VC_Port Network port used to contact vCenter Server.

Create Shell Script

This script will trigger the vRO workflow we have just created. It will need to be stored on the SRM server. We are using the Appliance version of SRM, if you are using the Windows version you will need to modify the commands used and save it as .bat instead of .sh.

Connect to the SRM Appliance via SSH and login as user admin.

When the recovery plan is run, this script will be triggered by the Command Custom Step, and it is run on the recovery site appliance as user srm. I would suggest adding this script to both the protected site and recovery site Appliances - this will allow you to execute the script in either direction. This script executes a function that makes a POST request to the vRO server with a payload that maps to our Workflow inputs.

#Create the script file
vi /home/admin/trigger-vro-workflow.sh

Add the following contents. You will need to modify the values for the variables on the highlighted lines. (VRO_SERVER, VRO_WORKFLOW_ID, VRO_USERNAME, VRO_PASSWORD).

#!/bin/bash

#FQDN or IP of the vRO server.
VRO_SERVER="vroserver01.domain.com"#Workflow ID to execute.
VRO_WORKFLOW_ID="67748eec-e51c-8dd9-ac57-a7ca789a706c"#Username and Password with the required credentials to execute the specified workflow.
#Recommendation is to create a service account for just this purpose, with reduced permissions to workflows.
#Or modify the script to retirieve the credentials from something like Hashicorp Vault
VRO_USERNAME="administrator@vsphere.local"VRO_PASSWORD="password1!"
#Autogenerated
DATE=$(date "+%Y-%m-%d_%H-%M-%S")
VRO_URL=https://$VRO_SERVER/vco/api/workflows/$VRO_WORKFLOW_ID/executions

vro_function() {
  echo "$DATE: Recovery Plan $VMware_RecoveryName ran in $VMware_RecoveryMode mode"
  echo "vRO REST Call: $VRO_URL"

  curl -k $VRO_URL \
    -H "Accept: application/json" \
    -H "Content-Type:application/json" \
    --user $VRO_USERNAME:$VRO_PASSWORD \
    -d "$(
      cat <<EOF
    {
      "parameters": [
        {
          "value": {
            "string": {
              "value": "$VMware_RecoveryName"
            }
          },
          "type": "string",
          "name": "recoveryPlanName",
          "scope": "local"
        },
        {
          "value": {
            "string": {
              "value": "$VMware_RecoveryMode"
            }
          },
          "type": "string",
          "name": "recoveryPlanMode",
          "scope": "local"
        },
        {
          "value": {
            "string": {
              "value": "$VMware_VC_Host"
            }
          },
          "type": "string",
          "name": "recoveryVmwareVcHost",
          "scope": "local"
        }
      ]
    }
EOF
    )"
echo  #add new line in log file
echo "------------------"

} >> /tmp/SRM-VRO-Output.log 2>&1
vro_function

exit 0

When the script is triggered through the Custom step, it is run as user srm. To support this, we need to change the permissions on our script.

#Change the scripts access permissions, to allow the user "srm" to execute it
chmod 755 /home/admin/trigger-vro-workflow.sh

Create/Modify SRM Recovery Plan

Create or Modify an SRM Recovery Plan, on the Recovery Steps tab, right click on Power on priority 1 VMs and select “Add Step Before”.

  • Type: Command on SRM Server
  • Name: vRO Workflow
  • Content: /bin/sh -c /home/admin/trigger-vro-workflow.sh
  • Timeout: 5 minutes

Execute a TEST of the Recovery Plan, you should hopefully see a success against the vRO Workflow step.

SRM Recovery Plan insert step context menu

Custom recovery step options and settings modal

SRM Recovery Plan steps after custom step has been added

SRM Recovery Plan test with successful mark against the custom step

Check Appliance Log Files and vRO Workflow Log

Check the Workflow within vRO, you should see a new run. Check the logs to see details from our recovery plan.
You should see an output similar to the below.

[2020-12-02 12:15:29.139] [D] Recovery Plan Name: recovery-plan-01
[2020-12-02 12:15:29.143] [D] Recovery Plan Mode: test
[2020-12-02 12:15:29.153] [D] Recovery Plan VC: drvcenter.domain.com

In the script we created earlier, we output all of the logs from our function to a file /tmp/SRM-VRO-Output.log. This will show details of the API request, and some additional logs.

2020-12-02_12-22-24: Recovery Plan recovery-plan-01 ran in test mode
vRO REST Call: https://vroserver01.domain.com/vco/api/workflows/67748eec-e51c-8dd9-ac57-a7ca789a706c/executions
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1360    0   627  100   733   8360   9773 --:--:-- --:--:-- --:--:-- 18133
{"id":"2a7edc1a-78b3-4710-b25d-593d1ffe1b29","state":"running","start-date":"2020-12-02T12:23:55Z","started-by":"administrator@vsphere.local","name":"SRM Recovery Plan Details","current-item-for-display":"__item-undefined__","input-parameters":[{"value":{"string":{"value":"recovery-plan-01"}},"type":"string","name":"recoveryPlanName","scope":"local"},{"value":{"string":{"value":"test"}},"type":"string","name":"recoveryPlanMode","scope":"local"},{"value":{"string":{"value":"drvcenter.domain.com"}},"type":"string","name":"recoveryVmwareVcHost","scope":"local"}],"output-parameters":[],"workflow-attributes":[]}
------------------

Closing

The script and workflow within this post are very simple use cases. In a real world scenario you could modify the vRO Workflow to retrieve additional details about the Recovery Plan - as we have been provided with the Recovery Plan name - for instance, we could retrieve a list of all Virtual Machines protected by the plan and tag them on the recovery site with some data.

The script can also be used on a per-vm basis, this allows much more fine grained controls and it also provides us access to additional environment variables.

  • VMware_VM_Uuid: UUID used by vCenter Server to uniquely identify this virtual machine.
  • VMware_VM_Name: Name of this virtual machine, as set at the protected site.
  • VMware_VM_Ref: Managed object ID of the virtual machine.
  • VMware_VM_GuestName: Name of the guest OS as defined by the VIM API.

Additional Resources

SRM Administration Guide PDF (docs.vmware.com)
SRM Creating Custom Recovery Steps (docs.vmware.com)
Adding SRM Protection to VMs via vRA (kskilling.com)

Published 1 Dec 2020

Tags


Automation Consultant, currently working at Xtravirt. Interested in all things automation/devops related.
Sam Perrin on Twitter